The world seems to be getting more dangerous: terrorists; fraudulent corporations; money laundering; hurricanes; pandemics. Governments and organizations respond with a flurry of new controls. In some cases these are centrally mandated (e.g. Sarbanes Oxley). In others, organizations struggle to find their own control solutions. Seldom, however, do organizations work together as a community of common interests to share solutions to their control threats. In this paper we consider how an open exchange of control solutions might be supported electronically. We assume a community of similar organizations that wish to exchange detailed knowledge about organizational control techniques. These might be non-competing institutions, such as libraries, customs agencies, and even universities; or, they may in fact be competing organizations, wishing to exchange control solutions in dimensions where they do not compete – e.g. the airlines exchanging best practice about safety and security. The main point is to propose an information technology architecture that permits a view of organizational controls as shareable, exchangeable knowledge commodities.