Mandated Control
A mandated Control is the Common Control linked to the Citation(s) from the Authority Document(s) selected by the organization. They are listed in Bold font.
Mandated Controls must be:
- Assigned to roles for accountability
- Tracked to completion
Example:
Implied Control
The Common Control(s) in the parentage of Mandated Controls, which are not otherwise mandated. They are listed in italic font.
Implied Controls:
- Are found within each Mandated Control's genealogy
- Are not mandated by any of the Authority Documents the organization has chosen to employ
- Do not have to be assigned for accountability
- Do not have to be tracked to completion
Example:
Implementation Controls
Non-Mandated Common Control(s) that are children of Mandated Controls. They are listed in plain text.
Implementation Controls:
- Provide details not found in Mandated Controls regarding how to carry out the Mandated Control.
- Are not mandated by any of the Authority Documents the organization has chosen to employ
- Do not have to be assigned for accountability
- Do not have to be tracked to completion
Example:
Comments
Please sign in to leave a comment.