Controls Overview
Understand what controls are, how they are structured, and how to track their implementation status.
What Are Controls?
Controls are the technical, operational, and organizational measures a company implements to meet the requirements of a compliance framework. Each control represents a specific safeguard — such as "Multi-Factor Authentication Enabled" or "Data Encryption at Rest" — and its effective implementation is proven through evidence.
Control Structure
In Imara, each control contains the following information:
- Name and Description — What the control requires and why it matters
- Status — Current implementation state (Not Started, In Progress, Implemented, Failing, Not Applicable)
- Owner — Team member responsible for implementation
- Evidence — Proof that the control is working correctly
- Tests — Automated or manual checks that validate the control
- Frameworks — Which frameworks require this control
- Guidance — Detailed guide on how to implement the control
Control Statuses
- Not Started — The control has not been worked on yet
- In Progress — Implementation is underway
- Implemented — The control was implemented and evidence was accepted
- Failing — An automated test detected that the control is not working correctly
- Not Applicable — The control was marked as not applicable to the organization
Canonical Controls vs. Framework Controls
Imara distinguishes between Canonical Controls (universal security requirements that exist across multiple frameworks) and Framework Controls (the specific controls of each certification). A single Canonical Control can be mapped to controls in SOC 2, ISO 27001, and LGPD simultaneously, so you do not have to implement the same measure more than once.