AI Control Description Refinement
Overview
The Control Description Refinement feature in CERRIX helps users craft clear, comprehensive, and best-practice-aligned control descriptions. By leveraging AI-powered suggestions, users can ensure their control documentation is accurate, structured, and effective.
How It Works
This feature allows users to refine control descriptions by providing AI-generated suggestions based on an initial input. Users can then choose the best suggestion and apply it to their control record.
Step-by-Step Guide
Access the Control Description Field
Open an existing control or create a new one within CERRIX.
Navigate to the Description section of the control entry page.
Enter an Initial Control Description
Type a brief description of the control in the provided field.
Example: "Installing fire extinguishers to prevent our office from burning down."

Use AI to Refine the Description
Click the Refine with AI button.
The AI will analyze the input and generate five different suggestions that align with best practices and typical conventions for control descriptions:
<When>: The frequency or triggering event that activates the control. This could be time-based (e.g., daily, quarterly) or event-based (e.g., upon system access, after a software update).
<Who>: The role or responsible party that is accountable for carrying out the control. This could be an individual, a team, or a department (e.g., system administrator, security team, compliance officer).
<What - scope>: The specific scope or aspects that the control is designed to examine, monitor, or regulate. It highlights what is being checked, such as particular systems, data, or processes.
<What - purpose>: The objective or intended outcome of the control. It defines the reason the control exists, such as ensuring compliance, mitigating risks, or protecting sensitive data.
<With what - input>: The resources, tools, or information that are utilized during the control process. This can include data sources, documents, software, or systems that are necessary for the control to function (e.g., audit logs, security policies, monitoring tools).
<How>: The method or process through which the control is executed. This defines the actions or steps involved, which could be manual or automated procedures (e.g., running a security scan, conducting a manual review).
<With what - output>: The result or documentation generated by the control. This is the outcome of the control process, which could be a report, a status update, or other tangible evidence of the control’s execution (e.g., audit results, compliance certificates, error logs).
<What if>: The actions taken when an issue is detected during the control process. This defines the response procedure, such as investigating the issue, initiating corrective actions, or escalating to a higher authority (e.g., conducting an incident response, notifying management).
If the AI doesn't detect one of these conventions in your input (for example, <Who>), it will insert a placeholder for that convention, along with an example, in the generated control description.

Select and Apply a Suggested Description
Review the generated suggestions and select the one that best represents the control.
Click Apply Suggestion to replace the original text with the selected AI-generated description.
The new description will now be displayed in the control description field.
Save the Updated Control Description
Ensure the refined description accurately captures the control.
Fill in any other required fields to save the control.
Click Save control to finalize the control entry.
Upcoming functionality
In the current version, the AI-powered control description refinement follows a basic template. In our upcoming release, we will enhance this by enforcing a structured template that ensures all key control questions are addressed—covering when, who, what, how, and more.
Benefits of Using AI-Powered Control Descriptions
Consistency: Ensures control descriptions follow a standardized format.
Efficiency: Reduces the time needed to craft detailed control descriptions.
Best Practices Compliance: AI-generated suggestions align with industry standards.
By using the AI Control Description Refinement feature, CERRIX users can improve the quality and clarity of their control documentation, making risk and control management more effective and actionable.