Control

Short Description

A Control is the combination of resources (e.g. people, tools, budgets, time) and processes that are tasked to realize a specific (control) objective of a specific party. Typically, a control has a management lifecycle that consists of selecting/designing it, implementing and operating it, changing it when necessary, and dismantling it when it is no longer needed. It also has a governance lifecycle that (ideally continually) monitors the extent to which it produces the results that determine whether or not its control objective is realized, and that specifies changes to better ensure its efficiency and effectiveness.

Purpose

A Control exists for the purpose of ensuring that a control objective of some party is realized. Managing a control serves to ensure that the control exists, is implemented, is operational, is changed when necessary, and is dismantled when no longer needed. Governing a control serves to ensure that the control produces results that realize the control objective, which includes ensuring that these results are fit to be used for realizing (the results of) the objective that consumes these results.

Criteria

A Control is the combination of resources (e.g. people, tools, budgets, time) and processes that are tasked to realize a specific control objective of a specific party.

Notes

  • Various (management) standards are accompanied by a standard that specifies controls. For example, the ISO 27001 Information Security Management Standard is accompanied by the ISO 27002 standard, which specifies controls that can be selected by parties that want to comply with ISO 27001.