What is the difference between an Implied, Mandated, and an Implementation Control?

Mandated Control 

A mandated Control is the Common Control linked to the Citation(s) from the Authority Document(s) selected by the organization. They are listed in Bold font.

Mandated Controls must be:

  • Assigned to roles for accountability
  • Tracked to completion

Example:

Implied Control

The Common Control(s) in the parentage of Mandated Controls, which are not otherwise mandated. They are listed in italic font.

Implied Controls:

  • Are found within each Mandated Control's genealogy
  • Are not mandated by any of the Authority Documents the organization has chosen to employ
  • Do not have to be assigned for accountability
  • Do not have to be tracked to completion

Example:

Implementation Controls

Non-Mandated Common Control(s) that are children of Mandated Controls. They are listed in plain text.

Implementation Controls:

  • Provide details not found in Mandated Controls regarding how to carry out the Mandated Control.
  • Are not mandated by any of the Authority Documents the organization has chosen to employ
  • Do not have to be assigned for accountability
  • Do not have to be tracked to completion

Example:

 

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request

Comments

0 comments

Please sign in to leave a comment.