Just general inquiry, team is trying to figure out best way to utilize subcontrols in ZenGRC and wanted to get thoughts on what others have done.
Example is Access Review control, you might have one access review control, but there would be separate evidence for separate systems that require a privileged access review. Team has discussed creating multiple controls and naming (Control1.a, Control1.b, Control1.c etc.) or using processes within the System of Record and mapping to the different systems.
Please respond with anyways your organizations are handling this thanks!