Introduction
You can ensure your policies meet the requirements of any regulation or standard security certification (SOC2, ISO, PCI, HIPAA, etc.) by mapping controls to your policy. You also have the option to map Internal Controls to policies; however, internal controls that are already mapped to control requirements will auto-populate in the record. Once controls are mapped, you can see your policy connection in the control library for gap analysis, or print out your policy and see your control references.
NOTE: C1Risk recommends using the Internal Controls mapping option. This option automatically links any regulatory or standard references that are linked to internal controls, which makes compliance and gap analysis more efficient.
Mapping Control Library (Regulations and Standard Requirements)
- From your policy record main page, look for the Control Library field and click the magnifying glass to access your control library. NOTE: Your policy must be in draft (open) or revision status.
- Your Control Library will appear. Use the filters and keyword search to select the requirement(s) (obligation) and controls you wish to map.
- Select the controls using the checkbox (use SHIFT+right-click to select multiple controls).
- Click ‘Apply’.
- Now your controls are mapped, and any connected internal controls will also be mapped to your policy.
- You can view the mapping in the policy record and/or in the control library list view, and in the specific control.
- Note: in the policy record, filters are available to search for specific regulations and controls.
Policy record/Control Library Tab
Policy record/Internal Controls Tab
Control Library List View
Control Library/Control Record