Kontrolldefinitionen/en: Unterschied zwischen den Versionen
Aus HITGuard User Guide
Weitere Optionen
Faha (Diskussion | Beiträge) Die Seite wurde neu angelegt: „By clicking the button "Create copy of this control definition" the control definition can be copied. The copy contains all the data of the original, i.e. desc…“ |
Übernehme Bearbeitung einer neuen Version der Quellseite |
||
| Zeile 3: | Zeile 3: | ||
<div class="mw-translate-fuzzy"> | |||
[[Datei:Kontrollen aktives Mms.png|left|thumb|900px|Select management system]] | [[Datei:Kontrollen aktives Mms.png|left|thumb|900px|Select management system]] | ||
<br clear=all> | <br clear=all> | ||
</div> | |||
__TOC__ | __TOC__ | ||
<div class="mw-translate-fuzzy"> | |||
== <span id="create_check"></span> Create / edit check == | == <span id="create_check"></span> Create / edit check == | ||
</div> | |||
When creating a control, make sure that the correct management system has been selected, as controls are only created for the active management system. | When creating a control, make sure that the correct management system has been selected, as controls are only created for the active management system. | ||
| Zeile 19: | Zeile 23: | ||
To copy an already existing control definition, click on the copy button next to the plus. This will copy the control definition 1 to 1, but no control executions and links will be copied! | To copy an already existing control definition, click on the copy button next to the plus. This will copy the control definition 1 to 1, but no control executions and links will be copied! | ||
<div class="mw-translate-fuzzy"> | |||
[[Datei:Kontrolle bearbeiten Maske.png|left|thumb|800px|Mask for editing a control]] | [[Datei:Kontrolle bearbeiten Maske.png|left|thumb|800px|Mask for editing a control]] | ||
<br clear=all> | <br clear=all> | ||
</div> | |||
=== <span id="Header data"></span>Header data === | === <span id="Header data"></span>Header data === | ||
| Zeile 27: | Zeile 33: | ||
:* Here you enter the organizational unit in which the control is to be performed. | :* Here you enter the organizational unit in which the control is to be performed. | ||
<div class="mw-translate-fuzzy"> | |||
:<u>Abbreviation:</u> | :<u>Abbreviation:</u> | ||
:*This is the abbreviation under which the control can be found. (e.g. Orgeh + sequence number Per_K_001). | :*This is the abbreviation under which the control can be found. (e.g. Orgeh + sequence number Per_K_001). | ||
</div> | |||
:<u>Status:</u> | :<u>Status:</u> | ||
| Zeile 38: | Zeile 46: | ||
:* Here you should briefly describe what topic the control deals with. | :* Here you should briefly describe what topic the control deals with. | ||
<div class="mw-translate-fuzzy"> | |||
:<u>Control measure:</u> | :<u>Control measure:</u> | ||
:*In the control measure, describe the control and explain what to look for when performing it. | :*In the control measure, describe the control and explain what to look for when performing it. | ||
</div> | |||
:<u>Note:</u> | :<u>Note:</u> | ||
:*Here you enter additional information to be considered when performing the control. | :*Here you enter additional information to be considered when performing the control. | ||
<div class="mw-translate-fuzzy"> | |||
:<u>Norm mapping:</u> | :<u>Norm mapping:</u> | ||
:* Here you can map the control to a standard. But normally this field is filled because the control is selected from a knowledge base template (Blue button next to the "shortcut" field). | :* Here you can map the control to a standard. But normally this field is filled because the control is selected from a knowledge base template (Blue button next to the "shortcut" field). | ||
</div> | |||
:<u>Control types:</u> | :<u>Control types:</u> | ||
| Zeile 75: | Zeile 87: | ||
:* Here you enter the persons who check the implementation of the control. | :* Here you enter the persons who check the implementation of the control. | ||
<div class="mw-translate-fuzzy"> | |||
:<u>First time:</u> | :<u>First time:</u> | ||
:* Here you set the date of the first control. Furthermore, you can decide whether the control is Recurring and if so, at what interval the control should be performed. | :* Here you set the date of the first control. Furthermore, you can decide whether the control is Recurring and if so, at what interval the control should be performed. | ||
</div> | |||
<div class="mw-translate-fuzzy"> | |||
:<u>Deadline:</u> | :<u>Deadline:</u> | ||
:* If the control is to have a deadline, you must specify it and define which people will be informed when the deadline is exceeded. | :* If the control is to have a deadline, you must specify it and define which people will be informed when the deadline is exceeded. | ||
</div> | |||
<div class="mw-translate-fuzzy"> | |||
:<u>Email notifications once pending:</u> | :<u>Email notifications once pending:</u> | ||
:* If this is enabled, as soon as a control is performed, the implementer is notified. This may be undesirable if a control is to be performed daily, for example. | :* If this is enabled, as soon as a control is performed, the implementer is notified. This may be undesirable if a control is to be performed daily, for example. | ||
</div> | |||
:<u>Reminders:</u> | :<u>Reminders:</u> | ||
| Zeile 103: | Zeile 121: | ||
If you then click on a control, a dialog opens in which you can see the details of the control execution. | If you then click on a control, a dialog opens in which you can see the details of the control execution. | ||
<b>Caution</b> By changing the status, the control is sent out to the person responsible for execution or to the inspector for a new execution/assessment. | <div class="mw-translate-fuzzy"> | ||
<b>Caution</b> By changing the status, the control is sent out to the person responsible for execution or to the inspector for a new execution/assessment. | |||
</div> | |||
[[Datei:Detail durchgeführte Kontrolle.PNG|left|thumb|900px|Details of a performed control]] | [[Datei:Detail durchgeführte Kontrolle.PNG|left|thumb|900px|Details of a performed control]] | ||
<br clear=all> | <br clear=all> | ||
<div class="mw-translate-fuzzy"> | |||
== <span id="links"></span>links== | == <span id="links"></span>links== | ||
</div> | |||
[[Datei:Kontrolle Verknüpfung Breadcrump.png|left|thumb|800px|Control link menu]] | [[Datei:Kontrolle Verknüpfung Breadcrump.png|left|thumb|800px|Control link menu]] | ||
Version vom 15. November 2021, 12:35 Uhr
Experts and professionals can see all controls created in the active management system under "Controls → Control definitions".
Create / edit check
When creating a control, make sure that the correct management system has been selected, as controls are only created for the active management system.
To create a new control, click the "Plus" button.
To edit an existing control, double-click the desired control.
To copy an already existing control definition, click on the copy button next to the plus. This will copy the control definition 1 to 1, but no control executions and links will be copied!
Header data
- OrgEh:
- Here you enter the organizational unit in which the control is to be performed.
- Abbreviation:
- This is the abbreviation under which the control can be found. (e.g. Orgeh + sequence number Per_K_001).
- Status:
- Active: Control to be performed as soon as it occurs.
- Suspended: The control is not to be performed for a specific reason, but it can be reactivated.
- Disabled: The control is no longer active under normal circumstances. This status stands for controls that can no longer be deleted for archiving purposes because controls have already been performed.
- Description:
- Here you should briefly describe what topic the control deals with.
- Control measure:
- In the control measure, describe the control and explain what to look for when performing it.
- Note:
- Here you enter additional information to be considered when performing the control.
- Norm mapping:
- Here you can map the control to a standard. But normally this field is filled because the control is selected from a knowledge base template (Blue button next to the "shortcut" field).
- Control types:
- Organizational: organizational procedures are checked.
- Technical: Technical processes are checked.
- Preventive: the control is used to prevent a risk/damage (e.g. checking a fire extinguisher).
- Corrective: The control is used to check a known problem and assess whether said problem has been reduced.
- Priority:
- There is no official definition of a key control. However, a distinction can save time in documenting and testing controls that are not key.
The following characteristics can help guide decisions:- It is required to provide reasonable assurance that material misstatements are prevented or detected on a timely basis.
- It is the only control that covers the risk of material misstatement.
- If it fails, it is highly unlikely that another control could detect the absence of the control.
- It is a control that covers more than one risk or supports an entire process execution.
.
- Note: If no threshold has been defined for a key control, any failure of the control escalates to the management system owner!
- There is no official definition of a key control. However, a distinction can save time in documenting and testing controls that are not key.
- Threshold:
- Alarmed if the threshold was exceeded:
- Management System Responsible(s)
- as well as persons and team leaders entered in the input field "Functional escalation to"
Depending on the selected period is the review period of quick value violations:- Year: Since the beginning of the year,
- Quarter: Since the last start of the quarter,
- Month: Since the beginning of the month,
- Week: Since the beginning of the week,
- Day: Since the beginning of the day,
- Hour: Since the beginning of the hour.
Note: If an already violated threshold is violated again within the period, each new violation will escalate.
- Alarmed if the threshold was exceeded:
Test dates
- Implements:
- Here you enter the persons who are responsible for the implementation of the control.
- Control behavior:
- Here you define when it is decided whether a check counts as performed when multiple checkers exist.
- All must accept
- First feedback decides
- The majority decides
- All must accept in turn
- Inspector:
- Here you enter the persons who check the implementation of the control.
- First time:
- Here you set the date of the first control. Furthermore, you can decide whether the control is Recurring and if so, at what interval the control should be performed.
- Deadline:
- If the control is to have a deadline, you must specify it and define which people will be informed when the deadline is exceeded.
- Email notifications once pending:
- If this is enabled, as soon as a control is performed, the implementer is notified. This may be undesirable if a control is to be performed daily, for example.
- Reminders:
- Here you can configure multiple email reminders for the converter.
- Attachments:
- Here you can upload files that are visible to the implementer at each control. For example, this can be an audit trail template that the implementer can download and fill out at each inspection and then return as evidence. Please note that the implementer cannot change the files uploaded here.
copy control
By clicking the button "Create copy of this control definition" the control definition can be copied. The copy contains all the data of the original, i.e. description, converters, mappings, attachments, etc. The only thing that will not be copied are the controls already performed on the original.
Controls performed
Switch to the "Checks performed" tab to get an overview of the checks already performed.
If you then click on a control, a dialog opens in which you can see the details of the control execution.
Caution By changing the status, the control is sent out to the person responsible for execution or to the inspector for a new execution/assessment.
links
If a control is assigned to a risk or a processing activity, for example, this link is displayed in this tab.
Important: This tab is only visible if the control is associated with entities.
Clicking on the blue link opens the respective entity.
Note: If the entity is not displayed in blue, then you lack the authorization to view it or it is in another management system.