ComplyAssistant comes with 87 pre-populated Controls. All of these Controls are based on the Health Industry Cybersecurity Practices (HICP) rule. You also have the option to add Controls specific to your organization and Threats.
To view the list of Controls and add your own, select Account Settings in the upper-right then choose Controls from the left hand menu.
To create a single Control, select New Control from the right hand side of Account Settings.
From New Control, enter the Name and Description.
Select one or more Control Tags for easier filtering within the Risk Register. ComplyAssistant comes with three, pre-existing tags: HICP Large, HICP Medium, and HICP Small. You can also create your own by typing directly in the box and pressing enter.
Select Submit to create your custom Control.
You can also create a new Control from the same modal where you register Controls.
To create more than one Control, select Control Import on the right hand side of Account Settings.
Follow the instructions on the screen to download the template, fill it in according to the headers provided, and import. You must fill in all fields.
At this time, there is no way to import registrations or associations between Threats and Controls.
You must upload a CSV file. If there is an issue with the import, you will be given information to help you remedy the situation.