Implementing Controls

  • Updated on Feb 18, 2025
  • Published on Dec 16, 2024
  • 3 minute(s) read
  • BP

What is the Implementation Steps & Checks Feature?

The Implementation Steps & Checks feature in Kertos helps organizations track, manage, and automate the completion of compliance controls. By breaking down controls into clear, actionable steps and automating evidence collection, this feature ensures smooth progress toward compliance goals with minimal manual effort.

In its latest iteration, Implementation Checks for Policies introduces an automated validation layer for all Implementation Steps related to Policies, ensuring that policy acceptance is automatically tracked and linked to implementation steps. This eliminates the need for manual verification and streamlines compliance readiness.

  1. Auto-Closed Tasks – The system automatically closes tasks when linked policies meet compliance conditions. In this case, the “Create and approve Information Security Policy” step has been auto-closed because Kertos detected the policy was properly linked.

  2. Evidence Section – Displays linked policies or other compliance artifacts that serve as evidence for the implementation step. In this example, the Information Security Policy was automatically linked and marked as compliant.

  3. Automated Validation Message – A green confirmation banner at the bottom highlights that Kertos has auto-linked the evidence and marked the step as done, requiring no further action.

  4. Automatic Re-Evaluation of Compliance – If new employees join the company and have not yet accepted the policy, Kertos will automatically uncheck the implementation step and notify users that evidence is outdated. This ensures real-time tracking and prevents compliance gaps.

By automating policy verification, Kertos significantly reduces manual compliance tracking and ensures real-time audit readiness.

How It Works

The Implementation Progress section within the Controls Page allows users to track the status of implementation steps in two key ways:

1️⃣ Manual Tracking (Traditional Implementation Steps)

  • Users can manually check off implementation steps as completed.

  • Tasks can be created and assigned to responsible team members.

  • Progress is manually updated as tasks are completed.

2️⃣ Automated Verification (Implementation Checks for Policies)

  • The system automatically validates whether an implementation step is fulfilled based on collected evidence.

  • If a policy has not been accepted by all assigned employees (e.g., due to new hires), the implementation check flags it as outdated evidence.

  • Real-time compliance status is updated directly in the Controls Page.

Progress Overview

  • Displays the overall completion percentage (e.g., 2/3 completed).

  • Eliminates the need for manual tracking and verification when evidence is automatically collected.

  • Tracks policy approval status and allows to create tasks from within this interface.

Creating and Managing Tasks for Implementation Steps

When expanding an Implementation Step, it expands to show additional details and an option to create tasks. You can create and assign tasks to ensure accountability and progress tracking. Tasks connect specific actions to team members, making it easier to complete implementation steps efficiently.

What is Displayed?

  1. Step Title:

    • The title of the implementation step (e.g., “Assign overall responsibility for the ISMS”).

  2. Step Description:

    • A detailed explanation of what the step entails.

    • Example: “Top management shall designate an individual or role (e.g., Chief Information Security Officer or ISMS Manager) with overall responsibility for the ISMS, ensuring accountability for its implementation, maintenance, and improvement.”

  3. Create Task Option:

    • A “Create task” button (highlighted in purple) allows users to link actionable tasks to this step.

    • This feature ensures accountability by assigning ownership and tracking progress.

How to Create a Task

  1. Task Details:

    • The Task Title automatically reflects the step name (e.g., Assign overall responsibility for the ISMS).

    • The From Control section links the task to the relevant control for better context.

  2. Add Task Information:

    • Description: Add details or instructions to clarify what needs to be done.

    • Assignee: Select the team member responsible for completing the task.

    • Due Date: Set a deadline to keep the implementation on track.

  3. Save or Discard:

    • Click Save to create the task and link it to the step.

    • Use Discard to cancel if no changes are needed.

Why Use Tasks?

  • Clear Ownership: Assign tasks to ensure someone is accountable for completing each step.

  • Better Tracking: Set deadlines to keep implementation progress on schedule.

  • Team Collaboration: Tasks provide clear instructions, reducing confusion about roles and responsibilities.