Articles on: InsAIght Tutorial Articles

How to manage Controls

How to manage Controls


Controls are the concrete measures your organisation implements to meet compliance requirements. InsAIght supports the full control lifecycle, from initial definition and evidence collection to assessment and continuous improvement.


After adopting your frameworks and activating the relevant controls, the “Controls” tab becomes your central workspace for managing, reviewing and monitoring them.


Control overview

Click on the “Controls” tab. This will open the Control Overview page, showing all controls in your organisation with their current status.




Key Information Displayed:

·      Total Controls: The complete count of controls you're managing

·      Controls Below Target: How many controls haven't reached their desired maturity level

·      Number of targets set: How many controls have defined maturity targets


Here you can see which controls have defined targets and which have not yet reached their desired maturity level. These indicate your priority areas.



Setting Target Maturity for each Control

For each control, you need to define what maturity level you want to achieve. This is your "north star" for that control.


 

How to Set Targets:


  1. Click on a control in the overview. For instance, we have clicked on the Control "CCF-HRS-02.1 - Users With Elevated Privileges":



You will notice that this control's status is marked as "No Target", since no target has been defined for this control yet. There is no owner, and "Current: N/A" refers to current maturity level, which has not been assessed.


 

  1. Click on +Start on "Maturity Assessment". You will arrive at this screen, where you will define the maturity level of the control. You will be able to add evidence and provide a summary of the maturity assessment.




Rationale for Different Targets:

Not all controls need to reach the same maturity level. You should consider business impact, risk level, regulatory requirements and resource constraints.

Example Target Setting:

·      Role-Based Access Control: Target M4 (because it's critical for security)

·      Backup Procedures: Target M3 (important but less critical)

·      Vendor Management: Target M2 (foundational level may be sufficient for the implementation phase of the platform)


  1. Click on "Complete".


Assigning Control Owners


Each control should have an owner, the person responsible for implementing and maintaining it. Ownership matters because it creates accountability, ensuring someone is responsible for evidence collection. This facilitates communication about control status and helps with workload distribution


How to Assign Owners:


  1. Find the control in the Controls tab




  1. Click on the icon with the person.


A list of your team members will open. Click on the one you wish to assign as owner:






Updated on: 11/03/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!