Relate a control objective to a citation

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • A single control objective can be mapped to many citations from different authority documents. This function allows you to test a control objective once while complying with many different citations.

    Before you begin

    Role required: sn_compliance_admin or sn_compliance_manager

    Procedure

    1. Navigate to All > Policy and Compliance > Compliance > Citations.
    2. Open a citation.
    3. In the Control Objectives related list, click New.
    4. On the form, fill in the fields.
      Table 1. Control objective form
      Field Description
      Name Name of the control objective.
      Source Source of the policy. For example, if the statement is from a third-party provider, indicate which one.
      Source ID Unique identification number used by the source to catalog this authority document.
      Reference Unique numerical identifier.
      Policy Parent control objective supported by this control objective.
      Parent References the parent content.
      Active Option that indicates if a policy is active. If the control objective is not in the Draft or Retired states, a policy is marked active.
      Category Select from a list of options:
      • Acquisition or sale of facilities, technology, and services
      • Audits and risk management
      • Compliance and Governance Manual of Style
      • Human Resources management
      • Leadership and high-level objectives
      • Monitoring and measurement
      • Operational management
      • Physical and environmental protection
      • Privacy protection for information and data
      • Records management
      • System hardening through configuration management
      • Systems continuity
      • Systems design, build, and implementation
      • Technical security
      • Third Party and supply chain oversight
      • Root
      • Deprecated
      Classification Select from a list of options:
      • Preventive
      • Corrective
      • Detective
      • IT Impact Zone
      Type Select from a list of options:
      • Acquisition/Sale of Assets or Services
      • Actionable Reports or Measurements
      • Audits and Risk Management
      • Behavior
      • Business Processes
      • Communicate
      • Configuration
      • Data and Information Management
      • Duplicate
      • Establish Roles
      • Establish/Maintain Documentation
      • Human Resources Management
      • Investigate
      • IT Impact Zone
      • Log Management
      • Maintenance
      • Monitor and Evaluate Occurrences
      • Physical and Environmental Protection
      • Process or Activity
      • Records Management
      • Systems Continuity
      • Systems Design, Build, and Implementation
      • Technical Security
      • Testing
      • Training
      Description Description of the control objective and how it supports the goals of the organization.
    5. Click Submit.
      The control objective that you created is related to the citation.