Create Citations and Link to Controls

Citations are the individual records that represent the statement, articles, and laws associated with an Authority Document. Controls state how the organization will comply with the Citations that require evidence.

You can create Citations manually or through a .csv import. We recommend that you utilize the import for consistency and ease of entry.

To create a Citation manually:

  1. On the CSM Desktop Client or CSM Browser Client toolbar, select Tools > Table Management.
  2. Select GRC Citation from the Type drop-down list.
  3. From the toolbar, select New.
  4. Provide a title and select an existing authority.
    The Authority ID field autopopulates.
  5. Provide the reference group and reference ID.
    The strategy in your organization determines these values.
  6. For Status, select Evidence Required or Evidence Not Required and then choose or complete the appropriate options or complete the section.
    Evidence RequiredEvidence Not Required
    • The Control Implemented checkbox autofills when at least one Control is linked in the Controls tab in the form arrangement.
    • The Policy defined checkbox autofills if the Control has at least one associated linked Policy.
    In the Justification section, provide an exclusion justification.
    Justification section:
    • Legal Requirement
    • Result of Risk Assessment
    • Business Process
    • Contract Requirement
    Controls tab:
    • Link Controls and edit the Control itself to link Policies.
  7. Provide a description and save the record.