Controls module overview

Learn what control sets are and how they can be viewed, created, and managed in the 6clicks platform

This article provides an overview of the Controls module in 6clicks.

Table of contents:

1. What is the Controls module?
2. How does the Controls module help me assess my compliance posture?
3. Module overview
4. Control set overview
   1. Creating a control set
   2. Adding a control set from the Content Library
   3. Linking controls to provisions
   4. Mapping a control set to an authority document
   5. Creating responsibilities & tasks
   6. Managing tasks within a control set as the control set owner
   7. Responding to tasks
   8. Reporting & analytics
   9. Control sets in the Trust Portal

What is the Controls module?

The Controls module is where your control sets are.

Control sets refer to an organization’s internal reference documents, such as company policies. Control sets are made up of controls, which represent individual rules or requirements within these documents.

Control sets act as internal guidelines and can be based on one or more authority documents such as regulations and security frameworks that your organization needs to prove compliance with.

You can create responsibilities associated with controls and assign them to team members to ensure they are actioned.

How does the Controls module help me assess my compliance posture?

The power of 6clicks lies in its flexibility.

When designing a Question-Based Assessment (QBA), the questions can be associated with either controls (making up an internal control set) or provisions (making up an authority). Learn more here.

When designing a Requirement-Based Assessment (RBA), the requirements can be either controls or provisions as well. Learn more here.

Similarly, controls can be linked to risks either as "Current Controls" to manage the risk or as "Planned Controls" as part of a risk treatment plan.

These associations provide transparency for teams to ensure relevant compliance obligations are fulfilled and internal control sets are employed and managed appropriately.

Module overview

To access your control sets, select Controls from the navigation menu. This will open the Controls page, displaying all your organization's control sets stored in 6clicks. You can sort your control sets by their Created Date or Last Updated Date.

Control set overview

Click on a control set to open it. Here you will see a list of all controls under the control set.

A control set with Edit status has the below tabs.

• Controls
• Mappings
• Viewer - a read-only version of the control set shown to people without certain permissions, e.g. someone you shared a Trust Portal profile with
• Versions
• History - past edits made to the control set, what, when & by whom

When the control set becomes Published, it may also have the tab Manage Tasks; this is visible to control set owners and provides an overview to all tasks under this control set.

• Creating a control set
• Adding a control set from the Content Library
• Linking controls to provisions
• Mapping a control set to an authority document
• Creating responsibilities & tasks
• Managing tasks within a control set as the control set owner
• Responding to tasks
• Reporting & analytics
• Control sets in the Trust Portal

Creating a control set

Here are some actions you might want to take before you create your first control set so that the wording and schema are set up according to the needs of your organization.

• Renaming the Controls module
• Renaming control types, or creating custom control types
• Defining custom fields for controls to better capture data

For step-by-step instructions on creating a control set, head here.

You may also want to import a control set using an Excel spreadsheet instead; learn more here.

Adding a control set from the Content Library

6clicks offers a number of control sets in the Content Library.

Head to the Content Library using the 2nd icon in the top right and filter by control sets.

For example, we want to use this control set.

You can click on the star and add it to your Exclusive Content Library, if applicable, or click into it and select Add content. 

This adds the control set straight into your environment. You will be notified when this action is complete. After that, you can find it in the Controls module.

Linking controls to provisions

To link a control to a provision, make sure your control set is in Edit status and that you are in the Controls tab.

Click on a control and go to Linked data and click on the + under Provisions.

For specific step-by-step instructions on creating controls and linking controls to provisions, head here.

Mapping a control set to an authority document

There are two ways to map a control set to an authority document. You can either do it manually or get some help from Hailey AI, then review the results and make changes as necessary.

To learn how to use Hailey to map controls to provisions in an authority document, head here.

To map manually, head to the Mappings tab and click on a control, then in the side panel, click the + next to Provisions and add the authority then link the provision/s from that authority as needed. Manually linked provisions have a hand icon.

Creating responsibilities & tasks

You can use responsibilities (and their tasks) to put a control into practise, to ensure that this control remains effective and that everything is done on a regular basis.

You can either create responsibilities one by one or import them via Excel.

Start by making sure you are in the Control tab and that the control set is in Edit status.

Click on a control and go to its Linked data tab, where you can click on the + under Responsibilities.

For step-by-step instructions on creating responsibilities, head here.

Managing tasks within a control set as the control set owner

If you are the owner of a control set, and the control set is published, you can see a Manage Tasks tab.

Here, you can see all the tasks that are part of responsibilities which belong to the controls in this control set.

As the owner, you can monitor the status of tasks in this tab. You can also do so by using the Analytics module report Task Register Report.

Tasks are automatically created and assigned out to users when a responsibility has an assignee, i.e. if a responsibility does not have an assignee, no task is created, since there is no one to do the task.

Recurring responsibilities create a new task as necessary according to the recurring timeframe. Learn more about responsibilities here.

Learn about the difference between owners and assignees here.

Responding to tasks

If you are assigned a responsibility task, you will be notified via an email  and it will show up in your My Tasks.

Learn to respond to it here.

Reporting & analytics

The Analytics module allows you to easily report on controls and responsibilities.

Head here to learn more about the different reports that we offer out-of-the-box.

Control sets in the Trust Portal

The Trust Portal is designed for you to easily share your risk & compliance information, such as your control sets, already in 6clicks with anyone who needs to see them.

Learn more about sharing your control sets with customers, auditors or anyone else by using the Trust Portal here.

 

Creating, sharing, or simply using control sets from the 6clicks Content Library allows your organization to further manage its compliance frameworks, streamline risk assessment processes, and enhance overall governance by ensuring consistent and efficient application of standards.