Adding Governance Frameworks and Controls in SimpleRisk
In this video, we will cover the governance functions in SimpleRisk. Leveraging the SimpleRisk governance functionality allows you to define all of the mitigating controls that your program uses and map them to any number of control frameworks. This makes it easy to logically group controls within specific frameworks as well as define any number of controls that are common across multiple frameworks.
With the introduction of Governance and Compliance functionality to SimpleRisk, you can now directly apply controls as risk mitigations. This not only adds clarity to managing and monitoring risk, but also streamlines processes and makes your overall risk management program more effective.
To begin using the Governance functionality in SimpleRisk, you will first want to create a framework. To do this, click the “Governance” tab found at the top left. You should now be viewing the Governance menu and a list of active frameworks will be displayed.
Near the top in the center you will see three tabs. Frameworks may be dragged and dropped between tabs, which are labeled as follows:
A “+” tab, which allows you to add a new Framework to the currently selected tab;
An “Active Frameworks” tab, which is used for frameworks currently used by your organization;
And an “Inactive Frameworks” tab, for frameworks not in service or that aren’t relevant to your organization.
To add a new framework, click the “+” button that is adjacent to the “Active Frameworks” tab. This will display a dialogue box allowing you to enter a name for your new framework, create a parent-child association with an existing framework, and provide a description of your framework. Once you have filled out the pertinent information, click the red “Add” button at the bottom right to add your new framework to the system.
Now that you have created a framework, you will want to add mitigating controls to associate with it. To begin adding controls, navigate from the same “Governance” menu found at the top and select the “Controls” tab next to the “Frameworks” tab. Once in the Controls menu, all controls currently defined in the system will be displayed alongside the frameworks with which they are associated, along with various details for each control. A section for “Filtering” will also be displayed. Its drop-downs allow you to filter which controls are displayed. This is helpful if you would like to view all of the controls associated with a specific framework or control family, or to narrow the list by any of the other ways a control can be classified.
Next, to add a new control, click the “+” tab located just under the Control Filters. This will display a dialogue box with fields that allow you to record all relevant information about the control. Once you have entered the control information into the form, simply click the “Add” button to save the newly created control into the system.
Finally, I would like to cover how to link mitigating controls to risks. First, identify a specific risk that you want to link to a control by clicking the “Risk Management” tab at the top, and then the “Plan Mitigation” tab on the left. Select “No” in the “Mitigation Planned” column to choose the risk that you want to link to the control. Once in the edit mitigation menu, a gray button labeled “Select Mitigating Control(s) +” will be displayed. Clicking this button shows a list of all controls available in the system, from which you can select the specific control(s) you would like to link as a mitigation for the selected risk.
This Governance overview was designed to provide you with a foundation to leverage the governance functionality in SimpleRisk so you can begin to implement your governance program. If there are any questions left unanswered, please don’t hesitate to contact us at: firstname.lastname@example.org