Manually add a control to a third party or engagement

  • Release version: Australia
  • Updated March 12, 2026
  • 1 minute to read

    • If you’re using both Policy and Compliance Management and Third-party Risk Management, you can associate controls with third parties and engagements. Controls can be marked as compliant or non-compliant.

    Before you begin

    Role required: sn_compliance.manager and sn_vdr_risk_asmt.vendor_risk_manager to associate controls in the Vendor Management Workspace.

    About this task

    Controls and control objectives are created and managed in Policy and Compliance Management and can then be associated with third parties or engagements.

    Controls are automatically generated when you associate a policy with an entity type or an entity type with a control objective. A control is created for each entity listed in the entity type for the control objective. Controls can also be manually associated with a third party or engagement.

    For more information on creating policies in Policy and Compliance Management, see Create a policy.

    To understand the difference between a control objective and a control, see Structural overview of Policy and Compliance Management.

    Procedure

    1. Navigate to Workspaces > Vendor Management Workspace.
    2. Select the list icon and then navigate to Third parties > All third parties or Engagements > All engagements
    3. Select the third party or engagement that you want.
    4. Navigate to the Controls tab of the third party or engagement.
    5. Assign a control to the engagement by selecting New.
    6. On the form, fill in the fields.
      For descriptions of all these fields, see Create new control form.
    7. Select Submit.
      For more information on managing controls, see Manage controls.
      The control is associated with the third party or engagement and all related lists are visible.