Add Controls to the System

Add Controls to the System

ComplyAssistant comes with 87 pre-populated Controls. All of these Controls are based on the Health Industry Cybersecurity Practices (HICP) rule. You also have the option to add Controls specific to your organization and Threats.

To view the list of Controls and add your own, select Account Settings in the upper-right then choose Controls from the left hand menu.



On the right hand side, you’ll see the option to add a new Control or import one or more Controls to ComplyAssistant.


You can also hover over Account Settings and select Control Library to navigate there.


Add a New Control

To create a single Control, select New Control from the right hand side of Account Settings.



From New Control, enter the Name and Description.



Drag the marker to indicate the Likelihood Reduction value. A Low value will reduce the Residual Risk Level of a Threat less than a High value will.


Select one or more Control Tags for easier filtering within the Risk Register. ComplyAssistant comes with three, pre-existing tags: HICP Large, HICP Medium, and HICP Small. You can also create your own by typing directly in the box and pressing enter.



Select Submit to create your custom Control.


You can also create a new Control from the same modal where you register Controls.



Import a New Control

To create more than one Control, select Control Import on the right hand side of Account Settings.



Follow the instructions on the screen to download the template, fill it in according to the headers provided, and import. You must fill in all fields.



At this time, there is no way to import registrations or associations between Threats and Controls.


You must upload a CSV file. If there is an issue with the import, you will be given information to help you remedy the situation.


Import is all or nothing. If you import something and there is an error on only one row, no part of the CSV will be imported.


All of the system-defined Controls and your organization’s custom Controls will appear in the Control Library within Account SettingsNow that you’ve made a Control, you can add it to your Risk Register.

    • Related Articles

    • Add Threats to the System

      ComplyAssistant comes with 125 pre-populated Threats. Five of these Threats are based on the Health Industry Cybersecurity Practices (HICP) rule. You also have the option to add Threats specific to your organization. To view the list of Threats and ...

    • Associate Threats and Controls

      In order to link Controls and Threats, navigate to the Risk Register at the top. You can assign more than one Control from a Threat detail page or assign one or more Threats on a Control detail page. You can associate Threats and Controls together, ...

    • Add a Control to the Register

      Register a Control so that you can quickly view and track it under Registered Controls on the Risk Register. Navigate to the Risk Register at the top. On the right hand side, select Add Controls to Register. This will open a modal that displays all ...

    • Add a question to a library

       It is not possible to add questions to a question library that is System defined. Follow these steps to add a question to a library: Click Add Questions to display a new question panel.  Type in the Question and use the toolbar to format the text of ...

    • Add a Threat to the Register

      To start managing Threats in ComplyAssistant, navigate to the Risk Register at the top. On the right hand side, select Add Threats to Register. This will open a modal that displays all of the Threats in Account Settings: system-defined and custom. ...