Applying Controls to Risks

Why is Risk Control Mapping Important?

To comply with standards such as ISO 27001 or NIS2, organizations must link appropriate controls to each identified risk and show that those controls actually reduce it. Under ISO 27001 this is the risk treatment step (clause 6.1.3): the organization determines the controls needed to treat each risk, compares them against Annex A, and records the result in the Statement of Applicability. The controls are the actionable measures that address vulnerabilities, reduce the likelihood or impact of threats, and provide the evidence auditors expect.

ISO 27001:2022 Annex A alone lists 93 controls, and matching them to individual risks by hand is slow and error-prone. Linking controls to risks is critical to:

  • Ensure appropriate mitigation of risks.

  • Simplify compliance documentation for audits.

  • Prioritize actionable measures based on risk context.

The Risk Control Mapping feature helps organizations streamline this process by suggesting relevant controls and enabling efficient selection.

Applied Controls Overview

In the Applied Controls section, you can see the controls linked to a specific risk. Each control is shown with the following details:

  • ID: The identifier of the control (e.g., 10.2 or A.5.8). Note that these come from different parts of the standard: 10.2 is a clause of the ISO 27001 main body, while A.5.8 is an Annex A control.

  • Controls: The name of the control (e.g., Nonconformity and corrective action or Information security in project management).

  • Applicable: Indicates whether the control is applicable to the risk (Yes in the example below).

  • Status: The implementation progress of each control, expressed as completed tasks over total tasks (e.g., 1/2 or 0/3).

In this example:

  1. Control 10.2: Nonconformity and corrective action – 1 of 2 tasks completed.

  2. Control A.5.8: Information security in project management – 0 of 3 tasks completed.

A linked control only reduces the residual risk once it is implemented. A control showing 0/3 is planned, not in place, and should not yet be counted as mitigation in the risk assessment.

To link more controls, use the Link Controls button at the top right.

In the Link Applied Controls modal, users can link one or more controls to a specific risk.

Key elements include:

  • Control Categories: Controls are grouped under the categories Organisational, Technological, Physical, and People, which correspond to the four control themes of ISO 27001:2022 Annex A.

  • Suggested Controls: A list of controls relevant to the risk is displayed, derived from predefined risk-to-control mappings. Treat the suggestions as a starting point and confirm that each control actually addresses the risk before linking it.

  • Multi-Selection: Several controls can be selected at once (e.g., 10.2 Nonconformity and corrective action together with A.5.8 Information security in project management).

  • Control Details: Each control includes a brief description and a “View more” option for the full text.

  • Controls Page: The link icon next to each control opens that control's own page in the Controls section.