CyMetric assembles controls for compliance obligations as a core piece of its functionality. These controls define what an organization needs to do in order to be compliant with various regulations. Organizations need to determine how they go about fulfilling those requirements. CyMetric provides a mechanism to document and store the implementation guidelines necessary to fulfill the requirements of the control.
Add a Control Procedure
Click to the Approved Controls module from the navigation area on the left side of the CyMetric application. Select the control you would like to add your procedure to from the list of approved controls by clicking on the caret (>) at the end of the corresponding row. Next, click on the appropriate configuration that you would like to add the procedure to. From the Configurations tab, scroll to the last section of the landing page, underneath the Control Description area. Click on the Procedures tab.
The first time you add a procedure, no procedures will be listed in the Procedures area. To add a procedure, click on the Create Procedure button. A text area appears where content can be added to populate your procedure. Note that the text area has formatting options to create highlights, bullets, numbered lists, text size, etc. Users can cut and paste from other documents into the text area or simply type their procedure. The first procedure is designated Procedure A. Subsequent procedures will follow the alphabetical sequence. Click on the Save Edits button to save the procedure. Keep in mind that each unique configuration for a control (e.g. Default, Critical) will have its own set of procedures. To access/define each procedure set, users will need to click on the appropriate configuration.
NOTE: If you create multiple procedures and delete one of them, a gap in the alphabetical sequence will remain. The next procedure you create will fall at the end of the line and not fill in the gap. For example, if procedures A, B, C and D are created and you delete procedure C, procedures A, B and D will remain as originally labeled and should you add a new procedure to this configuration, it will be labeled E.
Pro-Tip: Users may want to designate naming headers to differentiate technical procedures from administrative/business process procedures.
To add another control procedure, click on the blue + icon from the top right corner of the Procedures tab. The text dialog box will appear under a new name tab. Enter the procedure as defined in the process above.
