Plans

Creating and configuring plans


title: Creating and configuring plans description: Setting up and configuring new automatic compliance cycles in Tidal Control sidebar_position: 2

Creating and configuring plans

Adding new plans

Creating a plan

Creating a new plan starts with basic configuration that determines automatic task generation.

Plan creation steps:

  1. Click "Add Plan" button in the top right of Plans overview
  2. Plan creation dialog opens with basic configuration fields
  3. Fill in plan information according to your compliance needs
  4. Click "Create" to create the plan

Creating new plan

Filling in basic plan information

Required fields:

Name:

  • Clear description of compliance cycle
  • Tip: Add PDCA phase and frequency for structure
  • Examples: "Plan phase (annually)", "Check phase (quarterly)", "Monthly access reviews"

Frequency:

  • Daily - For operational monitoring
  • Weekly - Regular operational controls
  • Monthly - Standard compliance reviews
  • Quarterly - Strategic assessments
  • Semi-annually - Strategic assessments
  • Annually - Management reviews and planning

Valid From:

  • Start date for automatic task generation
  • Default: "Today's date" to activate the new plan immediately
  • Use: Set to future date when implementation is phased

Valid To (optional):

  • End date for plan cycle
  • Default: "Not set" for continuous cycles
  • Use: For project-bound compliance or temporary cycles
Warning

Important: Valid From and Frequency cannot be changed after the plan is created. Plan these carefully for optimal timing.

Configuring plan details

After your plan is created, you can adjust basic information and create the workflow to activate the plan.

Plan workflow configuration

Updating plan basic information

  • Name - Can be changed after creation
  • Custom ID - Optional unique identifier (e.g. P.01)
  • Valid From/To - Only Valid To can be changed
  • Frequency - Not changeable after creation
  • Description - Description of plan purpose

Configuring Plan Workflow

After plan details are filled in, configure automatic task generation via "Build workflow".

Setting up workflow

Workflow configuration

Task configuration steps:

Selecting task type:

  • Ask users to dropdown - Choose what users should do. If you choose 'Assess the control' the Plan will create an Assessment task. In all other cases the Plan will create an Execution task.
  • Execute the control - Default option for control implementation
  • Other options available for different task types
Tip

Leave this field on default and use other task types ONLY if you plan to create a complex workflow with multiple steps.

Timing configuration:

  • Create tasks on - When tasks are created (e.g. 1-9-2025)
  • Their due date is on - Deadline for completion (e.g. 28-2-2026)
  • Time between creation and deadline determines how much time teams get

Writing task instructions:

Each Plan automatically adds the Control and/or Asset description to generated tasks.

Additionally, via the 'Task description' it's possible to add one additional instruction to all tasks created by the Plan.

  • Write tab - Use (markdown) editor for detailed instructions
  • Preview tab - Check how instructions look
  • Markdown support - Use headings, lists and links for clarity
  • Write specific instructions - Describe exactly what needs to happen

Task instructions template:

### What needs to be done
[Describe concrete steps]

### Required information
[What data is needed]

### Expected result
[What is the desired outcome]

### Evidence
[Which documents to upload]
Warning

The task instructions are additional instructions added to all tasks created by this Plan.

Completing workflow:

  1. Click "Add task" to add a new task to the workflow
  2. Repeat process for different task types if needed
  3. Preview section shows when tasks are automatically sent
  4. Check timing - Start date, due date and execution time
Tip

Realistic deadlines: Ensure sufficient time between task creation and due date. Teams need time for planning and execution.

Defining plan scope

Scope configuration options

After basic configuration, define which items are automatically controlled by this plan.

Two scope methods:

  • Plan by Controls - Focus on control implementations
  • Plan by Assets - Focus on business assets

Plan by Controls

When to use controls scope:

  • Assess control effectiveness
  • Framework compliance (ISO 27001, SOC 2)
  • Check policy compliance
  • Conduct process evaluations

Selecting controls:

  1. Go to Scope tab in plan details
  2. Select "Plan by Controls" tab
  3. Select controls that belong in this cycle
  4. Check for inactive Controls - tasks are only created for Controls that are themselves also active

Plan by Controls scope

Controls scope example:

Annual ISMS planning:
✓ A.01 Context of the organisation documented
✓ A.02 Legal and contractual requirements identified  
✓ A.03 Scope of the ISMS determined
✓ A.05 Roles and responsibilities defined

Plan by Assets

When to use assets scope:

  • Technology assessments
  • Vendor evaluations
  • Infrastructure reviews
  • Business unit reviews

Selecting assets:

  1. Go to Scope tab in plan details
  2. Select "Plan by Assets" tab
  3. Select assets that belong in this cycle
  4. Check for inactive Assets - tasks are only created for Assets that are themselves also active

Plan by Assets scope

Assets scope example:

Quarterly cloud security review:
✓ Microsoft Azure Cloud (SYS.001)
✓ AWS (SYS.002) 
✓ Public website (SYS.003)
✓ 1Password (SYS.004)

Plan preview and validation

Using preview functionality

Check when tasks are automatically generated over the coming period.

Plan preview timeline

Understanding preview information:

  • Task - Type of task generated (Execution or Assessment)
  • Period - The period for which tasks are created
  • Start Date - When tasks become available
  • Due Date - Deadline for completion
  • Time to Execute - Time between start and deadline
  • Number of Tasks - How many tasks per cycle (corresponds to number of unique control-assets combinations)

Plan status verification

Status indicators on the right:

  • Details: ✅ Plan is valid - when current date falls within validity period
  • Workflow: ✅ Tasks configured - At least one workflow task configured with valid start and end date
  • Scope: ✅ Controls / Assets assigned - At least one scope object linked.
  • Scope: ✅ All assigned Controls / Assets are active - Each linked scope object is itself also active.

Status troubleshooting:

  • ⚠️ Plan is not valid - Set 'Valid to' date in the future
  • ⚠️ Tasks not configured - Configure at least one task in the Workflow builder.
  • ⚠️ Plan has no assets assigned - Select at least one control or asset
  • ⚠️ Not all assigned controls are active - Activate controls or remove from scope

Practical configuration tips

Frequency selection

Start by assigning law and regulation driven activities:

  • ISO 27001 - Management review annually, risk assessment quarterly
  • GDPR - Processing records periodic assessment, annual review of impact assessments
  • SOC 2 - Control testing quarterly, management review annually

Add risk-based activities:

  • High risk - Monthly or weekly
  • Medium risk - Quarterly assessments
  • Low risk - Annual reviews

Timing optimization

Workload distribution:

  • Avoid December/January - Holidays and vacation
  • Spread over quarter - Not everything in first month
  • Concurrent capacity - How many plans simultaneously?
  • Team availability - Who does what when?

Common configuration problems

Plan remains inactive

Possible causes:

  • Empty scope - No controls or assets selected
  • Future start date - Valid From still in the future
  • Missing workflow - Tasks not configured
  • Owner problems - Scope items without responsible persons

Solution steps:

  1. Check scope tabs - At least one item selected?
  2. Verify Valid From - Date is today or earlier?
  3. Review owners - All scope items assigned?
  4. Configure workflow - Tasks set up for automation?

Preview shows no or 0 tasks

Diagnosis checklist:

  • Scope definition - Items selected in scope?
  • Date configuration - Valid From not too far in future?
  • Controls and Assets active - Check in Scope tab if controls and assets are active

Plan activation workflow

Activation checklist

For automatic task generation everything must be complete:

  • Basic configuration - Name, frequency, dates filled in
  • Scope defined - Controls or assets selected
  • Scope activated - Controls or assets must themselves also be Active
  • Workflow configured - Task automation set up
  • Preview checked - Timeline matches expectations

Next steps

Now that you can create and configure plans:

  • Start with one pilot plan for known compliance cycle
  • Configure task workflow for automatic execution
  • Monitor first task generation and team reactions
  • Optimize scope and timing based on practical experience