Control Details Screen
If you have Essential Compliance access, you will see the enhanced control details screen regardless of how you navigate to a control/mitigation (e.g., opening a control from the Essential Compliance screens and menus, or opening a mitigation from a risk bow tie in the Risk Details screen).
Summary Section
Standard fields — Name, Owner, Description, Record Status
Control Execution fields — Optional sub-section that Admin users can toggle on/off
Control Management Section
This is a key feature for compliance managers. It supports scheduling recurring control reviews and managing the control approval lifecycle.
Status Tab:
Field | Description |
Control Status | Mirrors the record status. Shows "Active and approved" when set to Active. |
Reviewers | One or more users who will receive review notifications. Must be compliance users with portfolio access (Admin or Standard). |
Who Must Review | "Any reviewer" (default) or "All reviewers" — determines whether one or all reviewers must respond for a review to be considered complete. |
Review Start Date | The anchor date for calculating recurring reviews. For example, if January 1 is set as the start date and the review period is set to semi-annually, recurring review tasks will be due on July 1 and January 1 of each year going forward. |
Review Period | None, Monthly, Quarterly, Semi-annually, Annually, Every 18 months, or Every 2 years. |
Next Scheduled Review Due | Auto-calculated from Start Date + Review Period. |
Notifications | Number of days before the due date to notify reviewers. |
Review Status | Current review status (Waiting for Reviews, Complete, or Incomplete) |
Last Review Completed | Date of the most recent completed review |
Key Actions:
Mark Reviewed — Visible to Admin users and assigned Reviewers. Records a review immediately
Request Review — Sends an ad hoc review request to selected reviewers with a custom due date
Policy Activation Rule: When reviewers are assigned, a policy must be reviewed before it can be set to Active (Published) status.
Review Requests Tab:
Shows a table of all review requests (both scheduled and ad hoc) with:
Request Date, Due Date, Reviewers (with response status icons ✅/❌), and Review Status
Control Approval Permission
An Admin toggle controls whether Standard users can set controls to Active (Approved) status:
If Yes (default): New controls are created as Active
If No: New controls are created as Inactive and only Admins can set them to Active
Associations
Shows linkages between the control and its related frameworks and themes. Click Manage Associations to create or break these linkages.
Compliance Status Box
Displays the overall compliance status of the control, calculated automatically based on the status of it's attached evidence tasks.
Users can manually override the auto-calculated status using the "set value" link, and reset it back to the automatic calculation at any time.
Sub-Sections
The following sub-sections can be enabled and reordered on the Controls Details screen by client administrators:
Obligations, Policies, Evidence Tasks (coming soon), Risks, Indicators, Incidents, Action Plans, Notes
Must-Have Controls
When a control is attached to an obligation or policy, it can be marked as "Must Have" through the ellipsis menu on the control's row (in the controls subsection of the obligation or policy details screen). This is a property of the relationship between the control and the obligation/policy — not a property of the control itself. This means that a control may be "must have" for one obligation or policy, but not others.
Why it matters: Only must-have controls affect the compliance status of the parent obligation or policy. Non-must-have controls can be attached for tracking purposes without impacting compliance calculations.