Each control within your Strike Graph Control Library has six customizable attributes: name, description, status, owner, frequency, and progress. These attributes can and should be customized for relevancy to your unique organization.

Reviewing the activated controls in your Control Library, and customizing them to more closely align with your specific organization’s practices, is usually the first step in establishing a compliance program.

The focus of this article will be on control progress. First, it is important to note that assigning progress flags to controls serves as an internal tool. In other words, do not fret if you find that the majority of controls within your library are “Not In Place” within your organization as you take your first pass through the Control Library. Instead, consider the "Not In Place" controls as being on your organization's to-do list to implement.

Once control progress has been assigned to a control, your organization will be able to filter for that control by utilizing its progress flag. In this way, once each control within your entire Control Library has a progress status, your organization will be able to quickly conceptualize where most of your time and energy needs to be devoted.

To find out the total number of controls that are flagged within your library as “Not In Place,” “Partially In Place,” or “In Place,” filter according to the specific flag. The number can be seen in the top right corner, just below the Search button.

To see a visual of the same metrics that the control library filtering provides, navigate to the control monitoring tab on the left side of the screen and view the “donut” charts.

Notice the difference in the two charts above; it is common, and perfectly acceptable, for your organization’s donut chart to look like the one on the left as you are just embarking on your compliance journey. However, prior to entering an audit, your chart will need to look like the image on the right (i.e. every single control within your Library is “In Place”).

Not only should progress flags be assigned during your organization’s first pass through your Control Library, but they should be consistently revisited to reflect the advancement that has occurred within your organization.

Furthermore, control progress flags should be kept up-to-date so that:

Now that we have discussed what control progress flags are and why they are a helpful internal tool, let’s look at how to actually assign the progress accurately. The following bullets offer guidance for how to assign progress flags:

Note: Your organization can decide on your own unique definitions for each progress flag, as long as your team is in agreement. For example, if you are pursuing PCI or an ISO certification, Not in Place would mean the control is out of scope for your organization, but you need to call it out in your SAQ or Statement of Applicability.

Step 1: Navigate to your control library and select a control by clicking anywhere within the control’s row.

Step 2: Click on the edit button that is next to the control name.

Step 3: Click the “Save Changes” button.

Congrats, you have successfully assigned a control progress flag!

Note: Don’t forget to consistently update progress flags when applicable to ensure that your organization is accurately representing the efforts that you are making in regards to developing, implementing, and evidencing your controls.