04. Control Core

This section contains AlphaTech's control library. Controls are the specific security and privacy measures that reduce risks. Each control is mapped to its source policy, the risks it addresses, and the evidence required to prove it is working.

How to Read This Section

Each control entry shows:

What it is: a plain-English description of what the control does
Whether it is working: Active, Partial, or Not Implemented
What framework it comes from: ISO 27001 Annex A clause, HIPAA safeguard, NIST CSF function
What evidence is needed: specific artefacts that would prove the control to an auditor
Whether evidence exists: Available, Partial, or Missing

What Is Here

Control Library (database below)

Each row is one control. Click any row for the full detail including evidence status, framework mapping, and test history.

Access Control Suite (Evidence Repository)

The full access control suite covering ISMS-POL-AC-01, ISMS-FRM-IAM-01, ISMS-PROC-UAM-01, ISMS-STD-PAA-01, ISMS-STD-ARM-01, and ISMS-STD-VAS-01 is documented in the Evidence Repository as "Access Control Suite - Summary". It explains how the six documents operate as a connected system.

Current Control Status Summary

Status	Count	What It Means
Active	2	Control is operating and evidence is available
Partial	6	Control exists but has gaps or incomplete evidence
Not Implemented	0	No controls fully absent from the library

6 of 8 controls are Partial. This is consistent with documentation maturity outpacing implementation maturity - the key finding of the Risk Assessment Report.