In the context of information security, a control is a safeguard or countermeasure designed to detect, prevent, or mitigate potential risks to a system or process. Controls can be administrative (e.g., policies and training), technical (e.g., encryption and access controls), or physical (e.g., locks and guards) and are implemented to ensure the confidentiality, integrity, and availability of data.