Definition (EN)
A control is a measure that modifies risk by maintaining or changing the likelihood and/or impact of an event.
Explanation (EN)
Controls are implemented to prevent, detect, correct, or mitigate risks and to support the achievement of organisational objectives.
They may be administrative, technical, physical, or organisational in nature and can operate at strategic, tactical, or operational levels.
Controls are selected based on risk assessment results and are used to reduce risks to acceptable levels in line with the organisation’s risk appetite and risk tolerance.
Dutch term (NL)
Beheersmaatregel
Definition (NL)
A control (beheersmaatregel) is a measure that modifies risk by controlling or changing the likelihood and/or the impact of an event.
Explanation (NL)
Controls are introduced to prevent, detect, correct or limit risks and to support the achievement of organisational objectives.
They can be administrative, technical, physical or organisational in nature and operate at the strategic, tactical or operational level.
Controls are selected on the basis of risk analysis and are applied to reduce risks to an acceptable level, in line with the organisation's risk appetite and risk tolerance.
Source
ISO 31000:2018 — Risk management — Guidelines
ISO 31073:2022 — Risk management — Vocabulary
ISO/IEC 27001:2022 — Information security management systems — Requirements
ISO/IEC 27002:2022 — Information security controls
Related terms
Risk
Risk treatment
Residual risk
Control objective
Information security
Standard
Definition ComplianceForge Reference Model
Controls are technical, administrative or physical safeguards.
Controls are the nexus used to manage risks by preventing, detecting or lessening the ability of a particular threat to negatively impact business processes.
Controls directly map to Standards, Procedures and Control Objectives.
Control testing is designed to measure specific aspects of how Standards are actually implemented and if the Control / Control Objective is sufficiently addressed.
Every Control maps to a Standard
Every Procedure maps to a Control