Vendor - Compliance Controls

The dashboard to monitor your vendors' adherence to security frameworks, track their progress, and identify areas that need attention.

Updated over a month ago

Overview of the Compliance Controls Dashboard

  • The Compliance Controls tab gives you a high-level and detailed view of a vendor's compliance status against the frameworks you've selected.

  • This dashboard is crucial for ensuring your vendors meet your security and regulatory requirements.

  1. Summary Section:

    • Compliance Progress: The donut chart provides a visual representation of the vendor's total compliance coverage, showing the percentage of controls that have been addressed.

    • Security Rating: The overall security score and letter grade are displayed, along with the trend over the last 30 days. This score is directly influenced by the vendor's compliance with controls.

    • Compliance Controls Status: A summary of the number of controls in different statuses:

      • Passed: Controls that have been successfully met.

      • Needs attention: Controls that require review or further action.

      • Failed: Controls that have not been met.

      • No evidence: Controls for which no evidence has been provided.

  2. Controls Table:

    • This table lists all the individual compliance controls associated with the selected framework.

    • ID & Control: A unique identifier and a detailed description of the control (e.g., "Employee background checks performed").

    • Framework: The specific framework the control belongs to (e.g., SOC 2).

    • Owner: The individual responsible for this control.

    • Score: A numerical score indicating how well the control has been implemented.

    • Risk Level: The risk associated with the control, helping you prioritize (e.g., Critical).

    • Tests & Evidences: The number of tests and pieces of evidence attached to the control, which indicates how far its verification has progressed.

  3. Taking Action:

    • Use the summary to quickly identify compliance gaps.

    • Drill down into the controls table to find out which specific controls are "Failed" or "Needs attention."

    • You can use the "Manage" button to assign controls or request evidence from the vendor.
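A way to reproduce the summary counts and the gap triage from a control export, as an added example that is not DSALTA's own code; the record shape, the status ordering (Failed before Needs attention before No evidence) and the progress formula (Passed over total) are assumptions made here.

```python
# Added example (not DSALTA's code): rebuild the Compliance Controls summary and
# the "Taking Action" gap list from a control export. Field names mirror the
# dashboard's columns; the record shape and the progress formula are assumed.
from collections import Counter

STATUSES = ("Passed", "Needs attention", "Failed", "No evidence")
STATUS_PRIORITY = {"Failed": 0, "Needs attention": 1, "No evidence": 2, "Passed": 3}
RISK_PRIORITY = {"Critical": 0, "High": 1, "Medium": 2, "Low": 3}

# Constructed sample controls in the shape of the Controls Table (not real data).
CONTROLS = [
    {"id": "HR-01", "control": "Employee background checks performed",
     "framework": "SOC 2", "owner": "HR Lead", "score": 95, "risk_level": "High",
     "status": "Passed", "tests": 2, "evidence": 1},
    {"id": "AC-03", "control": "MFA enforced for privileged accounts",
     "framework": "SOC 2", "owner": "IT Ops", "score": 40, "risk_level": "Critical",
     "status": "Failed", "tests": 1, "evidence": 0},
    {"id": "PHI-07", "control": "PHI encrypted at rest",
     "framework": "HIPAA", "owner": "Security", "score": 70, "risk_level": "High",
     "status": "Needs attention", "tests": 1, "evidence": 1},
    {"id": "DP-12", "control": "Data retention schedule documented",
     "framework": "GDPR", "owner": "Privacy", "score": 0, "risk_level": "Medium",
     "status": "No evidence", "tests": 0, "evidence": 0},
]


def summarize(controls):
    """Return per-status counts and the donut percentage (assumed: Passed / total)."""
    counts = Counter(c["status"] for c in controls)
    total = len(controls)
    progress = round(100 * counts["Passed"] / total) if total else 0
    return {s: counts.get(s, 0) for s in STATUSES}, progress


def compliance_gaps(controls):
    """Controls needing action, ordered by status priority then risk level.
    Passed controls are excluded; unknown risk levels sort last."""
    gaps = [c for c in controls if c["status"] != "Passed"]
    return sorted(gaps, key=lambda c: (STATUS_PRIORITY[c["status"]],
                                       RISK_PRIORITY.get(c["risk_level"], 99)))


if __name__ == "__main__":
    counts, pct = summarize(CONTROLS)
    print(f"Compliance progress: {pct}%  {counts}")
    for c in compliance_gaps(CONTROLS):
        print(f"{c['id']:8} {c['status']:16} {c['risk_level']:9} {c['framework']:7} "
              f"tests={c['tests']} evidence={c['evidence']}  {c['control']}")
```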


Accessing Control Details

  • From the Compliance Controls table, click on a specific control to open the detailed view panel.

  • This panel provides all the information needed to understand, verify, and manage a single compliance control.

  1. Control Details Section:

    • ID & Framework: The control's unique ID and the framework it belongs to.

    • Owner: The person responsible for the control.

    • Score & Risk Level: The implementation score and the associated risk level.

    • Test Status & Evidence Status: The number of tests run and pieces of evidence provided, which together give you a clear picture of the control's verification status.

    • Frequency: How often the control should be reviewed (e.g., Annual).

  2. Mapped Evidence:

    • This section shows the policies and documents that have been mapped as evidence for this control.

    • Policies: A list of internal policies that support the control's implementation (e.g., "Human Resource Security Policy").

    • Documents: A list of documents, reports, or files provided as evidence (e.g., "Completed Employee Background Checks").

    • This evidence allows you to verify that the vendor has indeed implemented the control as claimed.

  3. Using This View:

    • This detailed view is essential for your audit and due diligence processes.

    • Use it to review the provided evidence and ensure it meets your requirements.

    • If a control is marked "Failed" or "Needs attention," you can use this view to understand why and communicate specific needs to the vendor.


Accessing "Manage Frameworks"

  • The Manage Frameworks dialog is typically accessed from the Compliance Controls dashboard or when first setting up a vendor.

  • This is a crucial step as it customizes the security controls that DSALTA monitors for that vendor.

  1. Selecting a Framework:

    • The panel presents a list of common compliance frameworks.

    • SOC 2: AICPA's standardized framework for attesting to a company's security posture.

    • HIPAA: U.S. regulation to secure Protected Health Information (PHI).

    • ISO 27001: Global benchmark for an Information Security Management System (ISMS).

    • GDPR: European Union regulation to protect personal data and privacy.

    • PCI DSS: Industry-mandated requirements for securing payment card data.

    • You can select one or more frameworks that are relevant to your organization and the vendor's operations.

  2. Applying the Frameworks:

    • After selecting the desired frameworks, click the Apply button.

    • DSALTA will then load all the relevant compliance controls for those frameworks, allowing you to begin the assessment and monitoring process.

  3. Importance of Framework Selection:

    • Selecting the right frameworks ensures that the vendor's security posture is evaluated against the standards that are most important to your business and industry.

    • It helps you maintain compliance and reduces your risk exposure.