Modulos Logo
Documentation

Appearance

Fulfilling a Control

This article guides you through the process of fulfilling a Control end-to-end.

What is a Control

A control, in the context of compliance, is a specific measure or procedure implemented by an organization to mitigate risks, ensure adherence to regulations, and achieve compliance objectives. Controls are designed to prevent, detect, or correct non-compliant activities or errors within business processes. Learn more about controls.

Control Fulfillment Steps

To help you get started on your compliance activity on Modulos, the example included in this article walks through the process of fulfilling a Control.

  • Review the Control and its Guidance
  • Assign ownership to the Control
  • Write a Report and attach Evidence
  • Associate Risks, Tests and Tags
  • Review the Control and change its Status

control_detail

Control Detail

Requirements

  • You’re logged into the Modulos platform
  • You have access to a project and you're assigned the editor role. You’ll need the reviewer or owner role to complete the review step

Example: MCF-26 Data Privacy

The Control MCF-26 “Data Privacy” is concerned with the question of whether sufficient measures are in place to ensure privacy and data protection. This Control therefore has a wide scope, as privacy and data protection concerns can arise in many aspects of an AI project.

Step 1: Review the Control

  1. Inside your project, navigate to the Control page by clicking on Control in the top bar
  2. You can find the MCF-26 Control by searching for its name in the Search for Contents field and clicking on the MCF-26 Control.
  3. You can then review the Overview and Guidance for the Control.

Step 2: Assign a Control Assignee

Every Control should be assigned to a person that’s responsible for its fulfillment. You can assign the owner by selecting a user from the field in the sidebar. This user will get a notification that they’ve been assigned as owner and see this Control as part of their user dashboard.

Step 3: Write a Report and Attach Evidence

If you navigate to the Report tab, you will find an editor with a template report. Depending on your organization approach, you can use this template, or follow your own report style. In this report, you should assemble a detailed explanation of how this Control is met.

In order to support the report, you can attach one or more Evidence to the Control. You can do so either on the Control tab, where you can either attach an already-uploaded Evidence file, or upload a new one and directly attach it to the Control.

NOTE: If you attach an Evidence file to a Control and change its status to completed, then you can no longer edit or delete the Evidence.

Step 4: Associate Risks, Tests and Tags

You can associate the Control to other concepts in the sidebar.

Associating Risks to Controls is an important part of AI risk management.

  • If the Control is relevant to an already existing Risk, you can associate the two by clicking Associate to a Risk and selecting the Risk.
  • If as part of the Control fulfillment process, you realize that a new Risk should be created, you can do so by clicking Associate to a Risk and clicking Create New Risk. This will forward you to the Risk creation process.

Associating Tests to Controls can be helpful in the AI governance process. Testing is a highly flexible feature which allows you to automatically check whether your AI system infrastructure is operating in the way that’s expected.

  • If the Control is relevant to an already existing Test, you can associate the two by clicking Associate to a Test and selecting the Test.
  • If as part of the Control fulfillment process, you realize that a new Test should be created, you can do so by clicking Associate to a Test and clicking Create New Test. This will forward you to the Test creation process.

Controls that are part of Frameworks maintained by Modulos are already tagged with Tags related to the AI System Lifecycle, Goals, Areas and Scopes. By clicking Update Tags in the sidebar, you can add or update the Tags associated with the Control to make your Controls easier to filter and group.