Create an Authority Document

After an Authority Document is created, Citations with associated Controls and Policies can be uploaded and linked to the Authority Document.

Authority Documents consist of Citations. Citations are linked to Controls, and Controls are linked to Policies. External Controls are most likely driven by an Authority Document such as International Organization for Standardization (ISO), while internal Controls may not have an Authority Document unless your organization chooses to create one. Policies are business driven (example: How your organization will handle the Controls and how the Controls will be met).

To create an Authority Document:

  1. From the CSM Desktop Client or CSM Browser Client toolbar, select New > New ISMS Authority Document.
  2. Provide a name and description.
  3. Select the assigned team and owner.
  4. Select a sponsor team and executive sponsor.
  5. Provide an originator.
  6. Choose an effective date.
    The Active Date field is populated automatically when the Authority Document is activated. Retired date will be populated automatically when the Authority Document is retired.
  7. Choose a type.
  8. Select the Activate Authority Document link in the Actions list.

Add Citations and link those to Controls until all Citations have a status of Evidence Not Required or Evidence Required and display in green.