The 6clicks Continuous Control Monitoring capability was recently released to enable users to conduct automated and manual tests on their controls, facilitating control validation, evidence collection, and real-time compliance oversight. In this blog, we previously discussed at length how users can configure manual control tests and responsibilities to verify compliance. Now, we’ll take a look at the process of logging test results for manual control tests. Continue reading to learn more:
What are the benefits of 6clicks’ Continuous Control Monitoring solution?
Continuous control monitoring (CCM) within the 6clicks platform refers to the process of testing the effectiveness of controls manually or automatically to achieve continuous compliance. Automated control testing involves connecting to Cloud Security Posture Management (CSPM) tools to implement automatic surveillance of technical controls and ensure comprehensive security for your cloud or IT environment. CCM provides users with benefits such as:
- Robust control implementation – With both manual and automated tests, organizations can easily check if controls are working properly and access evidence to demonstrate and maintain ongoing compliance with regulatory requirements.
- Real-time compliance alerts – Automated control tests provide you with real-time alerts of control failures, non-conformities, and security incidents, so you can promptly action issues and areas of non-compliance.
- Actionable compliance insights – Reports on control performance are automatically generated within the Controls module, providing you with enhanced visibility on the success rate and overall coverage of control tests.
How to log manual control test results
For manual control tests, the process of logging test results is split into two components: reviewing evidence and logging the test result. Here are the steps for the whole process:
- Go to the Controls module from the navigation menu of the 6clicks platform to access your list of control sets.
- Open a control set. The status should be Published, allowing you to see an overview of information on all control tests under the Insights tab on the side panel.
- Select a control, then go to Linked Data on the side panel. Under Tests, you will see a list of all tests – both manual and automated – that have been conducted for that particular control. You can also see whether each test has a ‘Passed’ or ‘Failed’ test result or does not have a result yet.
- Choose a control test that you want to log a new result for. For example, we want to evaluate a control test requiring the verification of up-to-date malware definitions in all systems. First, you need to review the responsibilities or tasks associated with that control test.
- Click the Responsibilities drop-down below the control test to view more information. From the Responsibilities modal, you will be able to see details such as the assigned team member(s), whether the responsibility is a recurring or one-time task, and its current status, showing whether it is in progress or completed.
- You can also see the date of completion as well as the actual due date of the responsibility. Then, on the tabs on the left, you can review and download the actual evidence – the comments and attachments added by the assigned team member(s) – to validate the result of the control test.
- Using our current example, since the assigned team member marked the status of the responsibility as completed, added comments mentioning that all systems have up-to-date malware definitions, and attached the required documentation to support this, we can now log the result of the control test.
- Go back to the side panel, click the Log New Result icon + beside the control test, and mark the test as ‘Passed.’ Once the new test result is logged, you can then go into the test result details and write additional comments.
To view past results for a control test, click on the control test and navigate to the Test Results tab on the side panel. There you will be able to see previous test results, the dates they were logged, and their status (Passed or Failed). If you want to log a new result for the control test, you can click the Log Test Result button at the bottom and select ‘Passed’ or ‘Failed.’ The new test result will then be automatically added under the Test Results tab.
Check out this step-by-step guide prepared by 6clicks Head of Product – Core GRC, Saurabh Rihan, for a complete demonstration of this process:
Essentially, checking and fulfilling responsibilities attached to control tests are critical to ensuring the effective implementation of your controls.
Leverage continuous control and compliance monitoring with 6clicks
Automate multi-framework compliance using 6clicks’ Continuous Control Monitoring solution.