Continuous control monitoring is 6clicks’ latest capability that allows users to create automated and manual tests to verify that controls are properly implemented and functioning effectively. In this article, we will explore how users can configure manual control tests as well as the responsibilities attached to them to ensure robust security and ongoing compliance.
What is continuous control monitoring?
In the context of the 6clicks platform, continuous control monitoring (CCM) refers to the process of validating the effectiveness of technical controls through automated and manual control testing. Our Continuous Control Monitoring feature leverages the advanced cybersecurity solutions of Cloud Security Posture Management (CSPM) tools such as Wiz, which in turn connects with your technology infrastructure. This integration enables the automatic testing and real-time monitoring of your controls, empowering you to strengthen the security of your cloud or IT ecosystem and improve compliance with regulatory requirements and internal policies.
Our CCM functionality equips users with comprehensive features such as:
- Hybrid control testing – Perform both manual and automated tests to verify if controls are working adequately and their corresponding responsibilities are being fulfilled.
- Evidence collection – Easily retrieve compliance evidence and validate control performance through the systematic documentation of test results and control responsibilities.
- Real-time alerts – Get automatic notifications of control failures, configuration issues, and security incidents through the automated testing and live surveillance of your controls.
- In-depth insights – Access turnkey reports on your controls and harness insights such as the success rate and overall coverage of control tests to enhance oversight of your compliance posture.
How to configure manual control tests
To start creating manual control tests, follow these steps:
- First, from the navigation menu of the 6clicks platform, go to the Controls module. This will open your list of control sets.
- Select a control set. This will open the Control Set Builder modal. Make sure the status is set to Edit mode, then choose the control that you would like to create a test for. In this example, we are creating a test for anti-malware controls.
- Once the control details open on the side panel, navigate to the Linked Data tab. Under the Tests column, click the Create Test + icon. This will create and open a new manual test on the side panel. Depending on your organization or account’s integration setup, an option to turn it into an automated test will also be available.
- Fill in the Name and Description of the test. In our example, the test checks whether the malware definitions or patterns for each system are up to date, and the name and description of the test should reflect this.
- Upon clicking the Back ← button, the new test will now be displayed under the Tests column. Select the test again to add responsibilities to it. Responsibilities are necessary for gathering evidence of compliance and control implementation.
- Once the test details open on the side panel, click the Add Responsibility + icon under the Responsibilities column to create a responsibility. This will open the Create Responsibility modal where you can input the details of the responsibility.
- Taking our current example, an appropriate Name for the responsibility would be ‘Verify anti-malware definitions,’ while the Description should specify the steps required to fulfill the responsibility.
- To finish, click Create Responsibility. The new responsibility will then be added under the Responsibilities column on the side panel. Click the responsibility again to configure other information such as recurrence and assigned members.
- Click Recurring to define whether the responsibility will be a one-off or repetitive task. Under Time Period, select the frequency if it will be a recurring task.
- Then, under Assigned Members, add the names of people who will fulfill the responsibility and set the Due Date. This will send a notification to the assigned users and they can then manage their responsibilities within the Tasks module.
- Finally, hit the Back ← button to finish. This responsibility will now serve as evidence that the test is being performed, and the assigned users can then mark the test as ‘Passed’ or ‘Failed’ upon reviewing the attached responsibilities.
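The check behind the example 'Verify anti-malware definitions' responsibility can be scripted so the assignee has a repeatable basis for marking the test 'Passed' or 'Failed'. The following is an added example, not 6clicks code or part of the platform; the inventory data is constructed, and the function name, record fields and 3-day freshness threshold are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample inventory: hostname -> last definition update (ISO 8601, UTC).
# None means the endpoint did not report a definition timestamp.
SAMPLE_INVENTORY = {
    "web-01": "2024-05-14T06:00:00+00:00",
    "db-01": "2024-05-13T22:30:00+00:00",
    "hr-laptop-07": "2024-05-02T09:15:00+00:00",
    "build-03": None,
}

MAX_AGE = timedelta(days=3)  # assumed freshness threshold; set it from your policy


def evaluate_definitions(inventory, as_of, max_age=MAX_AGE):
    """Build an evidence record for a manual 'definitions up to date' test."""
    findings = []
    for host, stamp in sorted(inventory.items()):
        if stamp is None:
            findings.append({"host": host, "status": "missing", "age_days": None})
            continue
        age = as_of - datetime.fromisoformat(stamp)
        status = "current" if age <= max_age else "stale"
        findings.append({"host": host, "status": status, "age_days": age.days})
    exceptions = [f["host"] for f in findings if f["status"] != "current"]
    return {
        "checked_at": as_of.isoformat(),
        "systems_checked": len(findings),
        "exceptions": exceptions,
        # One stale or unreported system fails the test: missing data is
        # not evidence that the control is working.
        "result": "Failed" if exceptions else "Passed",
        "findings": findings,
    }


if __name__ == "__main__":
    as_of = datetime(2024, 5, 15, 12, 0, tzinfo=timezone.utc)
    record = evaluate_definitions(SAMPLE_INVENTORY, as_of)
    print(record["result"], record["exceptions"])
```

The returned record lists every system checked, so it can be attached to the responsibility as evidence regardless of the outcome.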
To help you better visualize how all of this works, here’s 6clicks Head of Product – Core GRC, Saurabh Rihan with a demonstration of how you can create and configure manual control tests:
In summary, conducting manual control tests and documenting responsibilities are essential in ensuring effective control implementation and achieving sustainable compliance.
To learn how to log control test results, here's a walkthrough video of the process: Logging control test results
Maintain continuous compliance with 6clicks
Leverage 6clicks’ Continuous Control Monitoring capability to automate multi-framework compliance and transform your security compliance strategy.