Create Citations and Link to Controls

Citations are the individual records that represent the statement, articles, and laws associated with an Authority Document. Controls state how the organization will comply with the Citations that require evidence.

Citations can be created manually or through a .csv import. It is recommended that the import be utilized for consistency and ease of entry.

To create a Citation manually:

1. On the CSM Desktop Client or CSM Browser Client toolbar, select Tools > Table Management.
2. Select ISMS Citation from the Type drop-down list.
3. From the toolbar, select New.
4. Provide a title and select an existing authority.
   Authority ID field will automatically populate.
5. Provide the reference group and reference ID.
   These values are determined by the strategy in your organization.
6. For Status, select one of the following options:
   1. Evidence Required
      1. • Select the Control Implemented check box when at least one Control is linked in the Controls tab in the form arrangement.
         • Select the Policy defined check box if the Control has at least one associated linked Policy.
      2. In the Justification section, select the following:
         • Legal Requirements
         • Result of Risk Assessment
         • Business Process
         • Contract Requirement
      3. Use the Controls tab to link Controls. Edit the Control itself to link Policies.
   2. Evidence Not Required
      1. In the Justification section, provide an exclusion justification.
7. (Optional) Provide a description.