Sometimes an organization is not directly responsible for implementing controls in its environment. The controls might be outsourced, inherited or just not applicable for the organization’s situation. To enable organizations to track these details, Trustero now supports directly managing control responsibility in the platform.
This is not only helpful for making sure there is clarity on which organization is covering all control activities, but this also aids documenting these responsibilities, which is a required part of many infosec compliance frameworks.
The Trustero platform now also enables tracking which vendors are used for controls that are outsourced to, or inherited from, a third party.
Changing the control responsibility to “inherited”
Control with responsibility set to “inherited”
To change a control’s responsibility, navigate to the control in the Trustero platform and click on the “responsibility” drop down.
For more details on how to determine control responsibility, see: Scoping - Determining Control Responsibility.