Manually add a control to a third party or engagement

  • Release version: Washingtondc
  • Updated March 28, 2025
  • 1 minute to read

    • If you’re using both Policy and Compliance Management and Third-party Risk Management, you can associate controls with third parties and engagements. Controls can be marked as compliant or non-compliant.

    Before you begin

    Role required: admin or sn_vdr_risk_asmt.vendor_risk_admin

    About this task

    Controls are automatically generated when you associate a policy with an entity type or an entity type with a control objective. A control is created for each entity listed in the entity type for the control objective. Controls can also be manually created.

    For more information on creating policies in Policy and Compliance Management, see Create a policy.

    To understand the difference between a control objective and a control, see Structural overview of Policy and Compliance Management.

    Procedure

    1. Navigate to Workspaces > Vendor Management Workspace.
    2. Select the list icon (List icon.) and then navigate to Third parties > All third parties or Engagements > All engagements
    3. Select the third party or engagement that you want.
    4. Navigate to the Controls tab of the third party or engagement.
    5. Assign a control to the engagement by selecting New.
    6. On the form, fill in the fields.
      For descriptions of all these fields, see Create new control form.
    7. Select Submit.
      For more information on managing controls, see Manage controls.
      The control is created and all related lists are visible.