10. Categories Management

Once you have created or imported frameworks and established domains, you can begin managing your categories.

Categories further refine your framework's structure by grouping related controls under domains, providing greater granularity and clarity in your organisation's structure.

By effectively managing your categories, you ensure that your framework remains flexible, organised, and aligned with your organisation's evolving needs and objectives.


Key Features for Managing Categories

Edit Categories

Update the category code, define the category name, and provide a description to accurately reflect its purpose.


Add New Categories

Create additional categories as needed to expand and enhance your framework.


Delete Categories

Remove categories that are no longer required to keep your framework current and focused.


Reorder Categories

Use the drag-and-drop functionality to reorganise categories, improving the logical flow within your framework.


Move Categories Between Domains

Reassign categories to the appropriate domains to maintain consistency and alignment.


Set Maturity Levels

Define both current and target maturity levels for each category to monitor progress and establish improvement goals.


Define Applicability

The Define Applicability section allows you to specify which domains are relevant to your scope and which are out of scope. This helps optimise resources by focusing on applicable areas. You can set applicability individually for each category or globally across all categories.

Applicability defines whether a control is relevant to the scope and its implementation status. The options are:

Unknown:

  • This is the default status, indicating that no determination has been made yet regarding the control's applicability.

Implemented:

  • Indicates that the control is applicable and has been implemented.

  • This control is either selected for importation into policies or defined as implemented in other policies based on frameworks.

  • When marking a control as Not Implemented, it is advisable to provide a clear and concise justification for its non-implementation. This helps maintain transparency and supports future planning for addressing gaps.

Not Implemented:

  • Indicates that the control is applicable but has not been implemented. Controls in this category are not automatically imported into policies.

  • Recommendation: Provide a reason for non-implementation (e.g., organisational immaturity, excluded from scope).

    Examples of valid reasons include:

    • Organisational Immaturity: The organisation lacks the necessary resources, processes, or expertise to implement the control.
    • Excluded from Scope: The control is not relevant within the defined scope of the framework.
    • Pending Implementation: The control is scheduled for future implementation as part of a phased approach.
    • Alternative Measures in Place: Equivalent controls or mitigations have been implemented, rendering this control unnecessary.

Not Applicable:

  • Indicates that the control is not relevant to the scope and is therefore not implemented.

Assign Owners

Owners can be assigned to each framework category to ensure accountability and clarity.

Steps to Assign Owners:

  • Click on the "Owners" button.

  • In the drawer, select one or multiple users as owners.

  • Specify whether the ownership should be applied recursively to underlying subcategories.

  • Click the blue "Assign Owners" button to save your changes.


Monitor Completion Status

View the total number of controls linked from policies to each category and evaluate their completion levels. This feature offers valuable insights into your framework's current compliance status and target objectives based on policies.


Add and Manage Evidence

Attach supporting documentation—such as policies, procedures, or audit reports—to substantiate the controls within each category.


Collaborate and Document

Add comments, document changes, and maintain a history of modifications for transparency and accountability among team members.


Unique standard code

📌 Note: Each Category has a unique standard code displayed at the top of its card (e.g., FC_00001, FC_00002, etc.), ensuring its uniqueness within your framework.