Associate Threats and Controls

Associate Threats and Controls

In order to link Controls and Threats, navigate to the Risk Register at the top. You can assign more than one Control from a Threat detail page or assign one or more Threats on a Control detail page. You can associate Threats and Controls together, regardless of whether they’ve been registered.

The system-defined Threats come with Controls already associated with them.

Assign from Registered Threat Page

From the Risk Register, select one of your Registered Threats.



Under Registered Controls, select Add Controls.



A modal will appear. If you need, filter by tag at the top.




Check the box next to each Control you’d like to add.


Select Submit.

Once you add a Control, the Threat’s Residual Risk Level will adjust based on the Likelihood Reduction Value of the Control.


Assign from Registered Control Page

You can also associate one or more Threats to a Control from a Registered Control page. The steps are the same as above, but instead, select a Registered Control from the Risk Register followed by Associate Threats.


    • Related Articles

    • Track Changes to Registered Threats and Controls

      For both registered Threats and Controls, you can create and track Comments. In addition, you can create and track Tasks associated with a Threat or Control. Threats also come with an Activity log to audit who made changes over time. Comments At the ...

    • Manage Tasks for Registered Threats and Controls

      Create and assign a task to someone in your organization for both Threats and Controls. Begin by selecting Add Task under Tasks near the bottom of the page. Then follow the instructions for creating and assigning a Task. If creating a Task from ...

    • Add Threats to the System

      ComplyAssistant comes with 125 pre-populated Threats. Five of these Threats are based on the Health Industry Cybersecurity Practices (HICP) rule. You also have the option to add Threats specific to your organization. To view the list of Threats and ...

    • Define an Owner and Status for Registered Controls

      Just like with Threats, you can assign an Owner to Controls. In addition, Controls have an Implementation Status. Assign an Owner to a Registered Control To assign an Owner, select from the dropdown. Only users assigned the Risk Register function ...

    • Add Controls to the System

      ComplyAssistant comes with 87 pre-populated Controls. All of these Controls are based on the Health Industry Cybersecurity Practices (HICP) rule. You also have the option to add Controls specific to your organization and Threats. To view the list of ...