Effective control management is key to maintaining compliance. DSALTA provides tools to organize, track, and map controls efficiently across multiple frameworks.
Accessing the Controls Page
Navigate to Compliance > Controls to view all controls across your active frameworks. This centralized view shows every security requirement you need to implement.
Understanding the Controls List
The controls list displays:
Control ID: Framework-specific identifier (e.g., CC6.1, A.9.2.1) Control Name: Brief description of the requirement Framework(s): Which frameworks this control applies to Status: Current implementation state Owner: Assigned team member Last Updated: Recent activity timestamp
Filtering and Searching Controls
Use filters to focus on specific controls:
By Status:
Not Started
In Progress
Completed
Needs Attention
By Framework:
Show controls for specific frameworks only
View shared controls across multiple frameworks
By Owner:
See controls assigned to specific team members
Identify unassigned controls
By Risk Level:
Critical
High
Medium
Low
By Category:
Access Control
Cryptography
Monitoring
Physical Security
And more
The search bar allows quick lookup by control ID, name, or keywords.
Control Detail View
Click any control to open its detail page, which includes multiple tabs:
Overview Tab
Displays core control information:
Full control description
Risk level and category
Applicable frameworks
Current status
Assigned owner
Implementation notes
Mapped Elements Tab
Shows all items connected to this control:
Policies: Documented procedures addressing this control.
Documents: Supporting documentation and evidence
Tests: Automated and manual tests verifying the control
Risk Scenarios: Associated organizational risks
This tab reveals the complete picture of how the control is implemented and verified.
Evidence Tab
Centralized location for all evidence supporting this control:
Automated evidence from integrations (logs, configurations, scan results)
Manually uploaded documents (screenshots, reports, certificates)
Policy references
Test results with timestamps
Evidence accumulates over time, creating a comprehensive audit trail.
Activity Tab
Chronological history of control-related activities:
Status changes
Owner assignments
Evidence uploads
Test runs
Comments and notes
This audit trail demonstrates ongoing attention to the control.
Assigning Control Ownership
Every control should have a designated owner responsible for:
Implementing the control
Maintaining evidence
Addressing failing tests
Keeping documentation current
To assign an owner:
Open the control detail page
Click Assign Owner
Select a team member from the dropdown
Optionally add assignment notes
Click Assign
The owner receives a notification, and the control appears in their assigned tasks.
Bulk Assignment
Assign multiple controls to the same owner efficiently:
On the Controls page, select checkboxes next to related controls
Click Bulk Actions
Select Assign Owner
Choose the team member
Apply to all selected controls
This is useful for assigning control categories to functional owners (e.g., all access controls to IT, all HR controls to People Ops).
Control Mapping Across Frameworks
When you activate multiple frameworks, DSALTA intelligently maps overlapping controls. Understanding this mapping is crucial for efficiency.
Viewing Mapped Frameworks
On any control detail page, the Mapped Frameworks section shows all frameworks satisfied by implementing this control.
Example: An encryption control might map to:
SOC 2 CC6.7 (Data encryption)
ISO 27001 A.10.1.1 (Cryptographic controls)
HIPAA 164.312(a)(2)(iv) (Encryption and decryption)
GDPR Article 32 (Security of processing)
How Mapping Works
DSALTA maps controls based on:
Identical Requirements: Controls requiring the same implementation
Overlapping Scope: Controls covering similar security objectives
Evidence Sharing: Controls accepting the same evidence types
When you complete one control, all mapped frameworks show progress.
Benefits of Control Mapping
Reduced Duplication: Implement once, satisfy multiple frameworks
Efficient Evidence Collection: One evidence set serves multiple requirements Streamlined Testing: One test verifies multiple framework controls
Faster Certification: Less total work to achieve multiple certifications
Prioritizing Control Implementation
Not all controls are equally urgent. Prioritize based on:
1. Risk Level
Start with Critical and High-risk controls:
Access management and authentication
Encryption and data protection
Monitoring and logging
Incident response
These form your security foundation and are heavily scrutinized during audits.
2. Framework Impact
Focus on controls mapped to multiple frameworks—these give maximum return on effort.
3. Current Status
Address "Needs Attention" controls immediately:
Previously passing controls, now failing
Missing critical evidence
Failing automated tests
4. Dependencies
Implement foundational controls before dependent ones:
Set up access controls before access reviews
Implement logging before log analysis
Establish policies before policy training
Adding Custom Controls
Beyond standard framework controls, you can add organization-specific controls:
Navigate to Compliance > Controls
Click Add Custom Control
Enter control details:
Control name and description
Category and risk level
Owner assignment
Implementation timeline
Map to relevant frameworks (optional)
Create associated tests
Save the control
Custom controls help you manage security requirements not explicitly covered by standard frameworks, such as customer-specific contractual obligations.
Control Status Updates
DSALTA automatically updates control status based on:
Test results (passing tests move controls toward completion)
Evidence uploads (sufficient evidence advances status)
Manual overrides (owners can update the status with justification)
Status Change Logic:
Not Started → In Progress: Evidence uploaded or owner assigned
In Progress → Completed: All tests passing, sufficient evidence collected
Completed → Needs Attention: Test failure or evidence expiration
Needs Attention → Completed: Issues resolved, tests passing again
Control Comments and Notes
Add context to controls through comments:
Implementation challenges
Remediation plans for failing tests
Questions for auditors
Historical context
Decision rationales
Comments appear in the control's Activity tab and help teammates understand control status without direct communication.
Control Remediation Workflow
When a control shows "Needs Attention":
Identify the Issue: Check which test failed or what evidence is missing
Review Guidance: Read remediation instructions in the test or control
Assign Responsibility: Ensure the owner knows about the issue
Implement Fix: Address the root cause
Verify Resolution: Re-run tests or upload missing evidence
Monitor: Ensure the issue doesn't recur
DSALTA tracks time-to-remediation, helping you demonstrate responsive security practices.
Exporting Control Data
Generate control reports for:
Executive summaries
Audit preparation
Team planning
Compliance documentation
Export options:
Excel/CSV: Complete control list with all metadata
PDF Report: Formatted control documentation
Framework-Specific: Controls for particular frameworks only