How to Deactivate Controls and Evidence Items

How to deactivate controls and evidence items, and when it is appropriate to do so.

Written by Cayla Marshall
Updated over 9 months ago

What does it mean to deactivate an item in my Strike Graph account?

When you deactivate a control or evidence item, you are simply removing that item from your active library. This means that the item will not appear in your regular library view, allowing you to concentrate on items pertinent to your organization. Deactivating an item is not a permanent action, and any item that has been previously deactivated can be reactivated and reintegrated into your library when necessary.

When is it appropriate to deactivate controls?

You may choose to deactivate a control if it does not apply to your organization. However, it’s important to note that there is a difference between a control not yet being implemented versus a control not being applicable. Consider the following scenarios to understand the difference between the two.

Scenario One:

  • Control Name: Antivirus

  • Control Description: Antivirus is installed on workstations and servers to help protect against viruses and malicious software on the systems.

  • Situation: At ABC Company, antivirus software is currently installed on servers, but not on workstations. However, ABC Company’s risk assessment has shown that this is a high-risk area, and installing antivirus software on workstations would lower the potential risk.

  • Appropriate Approach: ABC Company develops an action plan to install antivirus software on workstations as soon as possible. Once this is complete, ABC Company uploads an evidence attachment to show that this control is now in place and operational.

Scenario Two:

  • Control Name: Office Access

  • Control Description: Access to the office is controlled and monitored to secure sensitive information, systems, or infrastructure.

  • Situation: ABC Company is a fully remote organization and does not have any physical office locations.

  • Appropriate Approach: ABC Company determines this control to be not applicable and therefore deactivates the control.

When is it appropriate to deactivate evidence items?

Evidence items can be deactivated in two scenarios: when the evidence item has no active linked controls or when the evidence item does not apply to your organization.

Scenario One: The evidence item has no active linked controls

If all controls associated with an evidence item have been deactivated, you will see a “0” in the controls column within your Evidence Repository.

This is a signal that the evidence item is likely not applicable and can be deactivated following the steps below.

Scenario Two: The evidence item does not apply

After customizing your control descriptions, you may find that some of the associated evidence items are no longer relevant. For example, if your organization chooses to remove mention of “antivirus installed on workstations” from your Antivirus control description, then you can also deactivate the associated “Antivirus Configuration - Workstation” evidence item.

The result should be that your active evidence reflects how your organization operates this particular control.

Note: It’s important to understand that you should not necessarily deactivate an evidence item that has not yet occurred but has the potential to occur. A common example is evidence related to responding to security incidents. In this scenario, Strike Graph recommends following this guidance.

How do I deactivate an item?

Once you determine it’s appropriate to deactivate a control or evidence item, you can do so by following the steps below.

Scenario One: Deactivating controls

  1. Locate the control you would like to deactivate

    1. If you are viewing the control from the Control Library:

      1. Click on the "more" menu button (the three vertical dots) on the right side of the control card. When the menu appears, select “Deactivate.”

    2. If you are viewing the control from its control page:

      1. Click “Edit”

      2. Toggle the Status to “Inactive”

      3. Click “Save Changes”

  2. Tip: Before finishing this task, double-check if any evidence items are now left with no active controls. If so, follow the steps below to deactivate those evidence items.

Scenario Two: Deactivating evidence items

  1. Locate the evidence item you would like to deactivate

    1. If you are viewing the evidence item from the Evidence Repository:

      1. Click on the "more" menu button (the three vertical dots) on the right side of the control card. When the menu appears, select “Deactivate.”

    2. If you are viewing the evidence item from its evidence page:

      1. Click “Edit”

      2. Toggle the Status to “Inactive”

      3. Click “Save Changes”

What is the difference between deactivating an item and unlinking an item?

When deactivating controls and evidence items, you may encounter the option to “Remove link.”

It's important to understand that deactivating an item and unlinking an item are distinct actions and should not be used interchangeably. Deactivating an item merely removes it from your library, allowing for reactivation at any time. On the other hand, unlinking an item severs associations with other criteria, evidence, risks, and controls within the platform. Maintaining these connections is vital as these elements may become relevant as your compliance program evolves. It is rarely necessary to unlink an evidence item.
