Creating a custom control
You can use custom controls to collect evidence from specific data sources that you define.
Just like standard controls, custom controls collect evidence continually when they’re active in your assessments. You can also add manual evidence to any custom control that you create. Each piece of evidence becomes a record that helps you to demonstrate compliance with your custom control’s requirements.
To get started, here are some examples of how you can use custom controls:
- Use an existing control as a starting point
-
You can customize any control in Audit Manager. This is a good option if an existing control more or less meets your objective, but you want to extend its guidance or adjust a few attributes to meet your specific needs. For example, you might change how often a control collects evidence, and then change the control’s name to reflect this.
- Create a custom control for internal audits
-
To support internal audits, you can create a purpose-built custom control that’s not related to any specific compliance framework or regulation. This gives you the freedom to tailor your control’s requirements to a particular area, or collect evidence from a business-specific resource. For example, you can create a custom control that uses your organization’s custom AWS Config rules as a data source for evidence collection.
- Create a vendor risk assessment question
-
You can use custom controls to support how you manage vendor risk assessments. Each control that you create can represent an individual risk assessment question. In this case, the control name can be a question, and you can provide an answer by uploading a file or entering a text response as manual evidence.
There are two ways to create a custom control. You can create a new control from scratch or you can customize an existing control.
