The Controls page displays a table of all your controls, providing a centralized place to browse and manage them. When you select a control, you can view and manage all information related to that specific control, including its evidence, monitoring tests, policies, framework mappings, and associated risks.
The page for that specific control includes the following tabs, which are covered in this guide: Overview, Evidence, Monitoring, Policies, Frameworks, and Risks.
Prerequisite
This is the new experience for customers onboarded after July 2, 2025, or for those who opted into Early Access.
Overview tab
On the Overview tab, you can:
Top-Level Cards: View a high-level summary of factors related to your control, including Evidence, Monitoring, Policies, and Approvals.
Info: Edit the details of your control.
Owners: Assign or remove Control Owners.
Required Approvals: Manage required approvals for this control.
Top-Level Cards
Each top-level card provides details about your control’s readiness. You can select any card to view more information.
In the following example, the control’s status is marked as Not Ready. The top-level cards display that the control’s evidence is not ready. To address this, select the Evidence card and add an artifact.
The top-level cards clearly indicate which items are not factored into readiness.
For example, in the Monitoring section shown, the mapped test that is linked is inactive; therefore, it is not factored into readiness and does not affect the control’s readiness score. "Not factored" means these states or objects do not positively or negatively impact readiness.
For Monitoring, tests that are inactive, not tested or disabled, non-production, or erroring are not factored into readiness.
The following test states are not factored into readiness (they do not positively or negatively impact readiness):
Inactive
Not tested or disabled
Non-production
Erroring
Examples of Issues That Do Affect Readiness:
The following issues can negatively impact your control’s readiness:
The evidence shows a missing artifact.
The policy is not published.
Required approvals are still pending.
Info
Update the Name and Description so your team and auditors clearly understand what this control covers. You can also view the control’s Code.
Owners
Select one or more Control Owners who are responsible for keeping your control effective, collecting evidence, monitoring tests, and preparing for audits.
Required Approvals
Add and track Required Approvals to confirm your control has been reviewed and approved by key stakeholders. Approvals show auditors that your organization has strong control governance.
Evidence tab
The Evidence tab provides an at-a-glance view of all evidence attached to your control. Here, you can:
Link or unlink evidence to the control.
Add new evidence, which will be automatically linked to the control.
Download evidence for reference or record-keeping.
Select evidence to be redirected to the Evidence Library for more details.
Monitoring tab
The Monitoring tab displays all monitoring tests and their pass/fail history. You can download the displayed tests, select the tests for more information, or map additional tests to the control.
Policies tab
The Policies tab displays all policies attached to the control. Here, you can:
Download policies.
Link additional policies to the control.
Unlink policies from the control.
Select the policy to be redirected to the Policy page for more details.
Frameworks tab
The Frameworks tab will show you every framework requirement attached to this control. You can map requirements from a framework as well.
Risks tab
The Risks tab will show you all risks attached to the control. You can map additional risks, update the Impact and Likelihood score, unlink risks, and select the risks to view more information.
Manage internal notes, tasks, and tickets
Controls page includes a right-hand side navigation panel, where you can manage internal notes, tasks, and tickets.