Applicability Feature
Here you can learn about the Applicability Feature for Controls and their Tasks, how to use it and what impact it has.
Topics covered in this page
Applicability Overview
Company users and CISO’s have a tool that allows them to mark if a Control (with all tasks under it) or a separate task is applicable for the company or not.
How The System Works
-
In the Control inner page, users can find applicability information
-
This information can be created/edited/updated on edit mode of the control
What Users Must Do
-
Select date till when Control is not applicable (the latest date that can be selected will be the last day of the Audit Cycle: for example, DORA: last day of the Year; ISO: last day of the certificate)
-
Write a comment stating the official argument/reason why Control is not applicable
-
Mark checkmark
-
Hit the button “Save”
After saving the record, applicability changes will be saved and displayed in the applicability history tab.
All tasks that are under this Control will inherit the status and become not applicable as well.
Effect On Statistics
Not applicable Controls and Tasks will not participate in statistics calculations like framework execution percentages. But as soon as they become applicable, they are added into the calculations.
The user can filter out Controls and Tasks according to applicability status.