What determines the STATUS of a control in GRC?

juliesutton
Mega Expert

I have a policy with an associated control objective, control, indicator template and indicator.  The indicator shows passing as the last result.  What changes the status of the control itself?  It shows non-compliant?  Is that tied to the attestation?

Thanks,

Julie Sutton

1 ACCEPTED SOLUTION

SanjivMeher
Kilo Patron
Kilo Patron

The Control Status is dependent on both Indicator task result as well as attestation result.

So if the attestation was failed, control becomes non-compliant

Or if the indicator task failed, control becomes non-compliant.

In any case an issue is created. So you should check, if there is an issue still open. 

Even if the last indicator task was passed, there could be an old indicator task, which was failed and its corresponding issue is still open, which is keeping the control non-compliant.


Please mark this response as correct or helpful if it assisted you with your question.

View solution in original post

12 REPLIES 12

sachin_namjoshi
Kilo Patron
Kilo Patron

 

A control is implementation of a control objective for a scoped entity.

Following is lifecycle of control State

  •  Draft

Controls are created in draft state,they are automatically generated when you associate a policy with a Entity type or a Entity type with a control objective,they can also be manually created.

  • Attest

Control owners are assigned to attest.When Control is set back to draft the attestation is cancelled.

  • Review

Controls are automatically moved to review from the attestation phase.

  • Monitor

Compliance managers or administrators(only if they impersonate a user with a Compliance Manager role) can move a control from review to monitor state.In this state indicators monitor the control's status.

  • Retired 

Compliance managers or administrators(only if they impersonate a user with a Compliance Manager role) can move a control from Monitor to Retired.All the associated indicators do not run and all the associated attestations are canceled.

 

 

Regards,

Sachin

So when do the control status change?  Right now, the control is in the monitor state with status of Non-Compliant even though the indicator shows passing.

Hi,

This depends on many factors, Indicator, indicator results, task and the attestation attached to it.


Thanks,
Ashutosh

Do you have any custom code on your control table which is not allowing status change?

I will suggest you to turn on field watcher for state field to see all code updating state on your instance.

 

Regards,

Sachin