Step 3: Mapping Controls [legacy]

Owned by Tristan Mohn (Deactivated)
Last updated: Feb 09, 2023 by Victoria Buhler (Deactivated)
5 min read


Page Contents


WARNING

In 2021 Q1 the Program Scoping wizard was replaced by the new Program Scoping Dashboard dashboard. Please refer to that article for current instructions on how to scope program content in ZenGRC. 

Overview

In this step, you upload or create controls and map them to the objectives scoped in the last step. You cannot start this step until at least one objective is scoped for a program in the previous step and the Step 2 Scope Objectives displays a green check mark.

There are several ways to add controls, which include one or more of the following activities:

  1. Uploading a customized spreadsheet.
  2. Adding them individually.
  3. Working with a GRC expert to define them.

Accessing the Map Controls Page

NOTE

For assistance finding the Program Onboarding Wizard, please see Introduction to the Program Onboarding Wizard [legacy].


In the 3. Map Controls box for each program name, complete the following steps:

  1. Click Map Controls Now.



  2. The initial Map Controls page displays with three buttons as follows: Import ControlsAdd Controls ManuallyContact Us.

    TIP

    If you are accessing newly uploaded controls or returning to complete mapping, click Add Controls Manually.

Importing Controls

ZenGRC allows for the import of all your organization's controls at one time. There are two steps involved in this process:

  1. Downloading the import template.
  2. Conducting the import.

Downloading the Import Template

To download a template containing the headings necessary to populate ZenGRC with control information, complete the following steps:

  1. Click Download import template.



  2. Save as a CSV file in a UTF-8 format.

  3. Open and populate. The asterisk * indicates a required field. However, the Code* column may remain blank on initial upload.

    NOTE

    For detailed instructions on importing data and formatting spreadsheets, please see Importing and Exporting.



  4. Click File | Save.

Conducting the Import 

To import controls, complete the following steps:

  1. Click Import Controls.



  2. On the Import Controls page, click in the blue, dotted line to browse for your completed template.

  3. Select file and click Open. The page refreshes with import information.

  4. Click Import Controls.

  5. The Map Controls page displays. 

Accessing Controls and Adding New Ones

This section is for completing the following activities:

  • Accessing newly uploaded controls.

  • Creating a new control.

To map controls that already exist or that have been imported, complete the following steps:

  1. Click Add Controls Manually.

  2. The Map Controls page displays with the default to the Add Controls Manually column.

  3. Click the Controls to Map heading to display available controls.

To add individual controls, in the Add Controls Manually column, complete the following steps:

  1. In the Title text box, add a heading for the new control. This is a required field.

  2. In the Description text box, enter information describing the control. This information is available from the Details link and provides additional, searchable content.

  3. In the Owner dropdown, select the person responsible for the control. This is required.

  4. Make selections in the Primary Contact and Secondary Contact dropdowns.

    TIP

    Users added to the OwnerPrimary Contact and Secondary Contact dropdowns can be automatically selected as assessors or verifiers for assessments in audit creation.

  5. Click Add Control. The new control will display in the Controls to Map column and will be available to be mapped to all objectives and across programs.
     

TIP

Your form for adding controls may have additional fields that were customized for your organization. 

We Don't Have Controls

If you are uncertain how to document your control program, our GRC experts can help. Please click Contact Us within the application, or contact support@reciprocitylabs.com.

Intro to the Map Controls Page

The Map Controls page is comprised of four columns as follows:

  • In-Scope Objectives – Objectives scoped in Step 2, to which you add controls. A red box with a “0” indicates that the objective has no associated controls and needs attention. 
  • Controls Mapped to the Objective – Controls mapped to a scoped objective. The column may be blank when the page is initially accessed.
  • Controls to Map – Available controls to be added to objectives. Any control that has been uploaded or created in the system can be added to any objective within any program. One control can be mapped to many objectives. When a control is mapped to an objective, the application places it in the Controls Mapped to the Objective column and removes it from the Controls to Map column for that objective. When another objective is selected, the control is available for mapping again. 
  • Add Controls Manually – Create a control or a placeholder for a new control if it does not exist. You can edit or update  the control at a later point to finalize it.

Mapping Controls

Once your organization has created or imported controls, they can be mapped to the scoped objectives. At this point, you have imported a CSV file with controls or have created them individually and are on the Map Controls page. 

To map controls to a scoped objective, complete the following steps:

  1. In the In-Scope Objectives column, select an objective. When selected, the item turns gray.



  2. Click the Controls to Map heading to display controls available for the selected objective.

  3. Click the + beside the chosen control. This moves it to the Controls Mapped to the Objective column. It is now mapped to the individual objective.

    TIP

    Controls are available for mapping across all objectives within all programs. In many cases, mapping a control to multiple objectives can help make your compliance program more efficient. 

  4. Continue selecting objectives and adding relevant controls until all controls deemed important to your organization have been scoped.

Displaying Descriptions

To read descriptions of objectives and controls, complete the following steps:

  1. Click the Details link below the name.



  2. Alternatively, click Hide Details to remove the description.

Searching

Three of the four columns on the Map Controls page are searchable with search boxes located below the section headings. Each search box only scans text in the column it resides.

  • The searches scan both titles and descriptions in the Details link. 
  • The searches provide results in real time.
  • To remove the search term, click the X to the right of the search box.

In-Scope Objectives Search

No matter what objective is selected, this search scans all objectives in the column.


Controls Mapped to the Objective Search

  1. Select an objective in the In-Scope Objectives column.

  2. Enter text in the Controls Mapped to the Objective search box. It searches text in the column, which contains controls added to the objective. If the search text is not found in the mapped controls, the column displays no controls.


Controls to Map Search

  1. Select an objective in the In-Scope Objectives column. 
  2. Enter text in the Controls to Map search. It searches text in the column, which contains controls not mapped to the objective.


Unmapping Controls

To remove controls from a scoped objective, complete the following steps:

  1. Select an objective in the In-Scope Objectives column. This displays all associated controls.
  2. In the Controls Mapped to the Objective column, click  beside the control to be removed. This moves it to the Controls to Map column, which means it is no longer associated with the selected objective.


Completing the Step

Once controls are mapped to the objectives, the step can be completed.

To finish this step, complete the following:

  1. Click Complete at the bottom of the page.

  2. Alternatively, click Save and continue later to save progress without finalizing the step.



  3. The Program Onboarding Wizard home page displays with the program listed as successfully built.

    TIP

    Even after you've successfully built a program into the System of Record, it can be edited. Please see Editing a Finalized Program [legacy].


Other Helpful Content

•  Access and User Assistance 
•  System of Record List Views  
•  Actions on the Details Page 
•  Creating New Objects 
•  Favorites 
•  Quick Tips for End Users (Printable) 
•  Searching the Left-Hand Navigation

© 2021 Copyright Reciprocity, Inc.
https://reciprocity.com