After identifying risks, define controls or import them from UCF authority documents. A
control is a process to mitigate risk, enforce a mandated policy statement, and address the
directive of an authority document. A control can have one or more control tests associated
with it, which ensure that the control is effective and provides continued compliance. Controls
can also be directly associated with citations to map an organization's internal controls to
those mandated by the authority document.
GRC super controls
A super control is a control shared by multiple authority documents.
When a new version of a super control is downloaded, the system links all authority
documents that use that control to the new version, even authority documents that were not updated.
This can result in unintended changes in the relationship between the shared control and any
unmodified authority documents. Relationship changes can alter how compliance is evaluated
for your organization. Be sure you know what effect these updated controls have on your
The system displays super controls in:
- UCF document details
- GRC update requests
- GRC update approval records
- Email notifications