Manage control attestations

Attestations are surveys that gather evidence to prove that a control is implemented. If the control’s attestation field and respondents fields are set, then when a controls moves from the Draft state to the Attest state, a notification is sent to the attestation respondents.

Users can create multiple attestation types and set their policy statements to different attestations. A sample attestation called GRC Attestation is also provided as the default attestation which is composed of the following simple questions:

By default, GRC Attestation is used for controls and provides the following assessment questions:
  • Is this control implemented?
  • Attach evidence
  • Explain

My Attestations is in the Controls section of the Policy and Compliance application and contains active attestations for which you are the respondent. The attestations appear in a list with a single attestation record per control.

All Attestations is contained in the Controls section of the Policy and Compliance application and contains all active attestations.

Compliance managers can create new attestation types containing different types of questions to fit their needs. See Create a control attestation using the Attestation Designer.

Compliance managers can create a new set of questions for each policy statement. See Create an attestation type.