Question - Compliance Analysis Mapping

Hi Team

Do we still have to manually map compliance analysis items to Mitigation options?



you can use bulk edits , which now support “append” data not just “replace” (this makes it easier to populate them). you can also use compliance mappings if you have more than one package and they overlap at some point.

you were expecting a csv import type of mapping? for the time being that does not exist on this section.


Thanks for the info, the compliance mappings is great for different standards with matching controls… however we have many compliance packages that are the same, for exmaple

ISO India… There will be maybe 20+ of these.

Each will have 114 controls/policy etc that we need to map to the compliance packages, quite a large manual effort.

So it would be great if an import could be put onto the roadmap?


It does not matter, if you run the same “Internal Controls” across different regions the concept of mapping is still applicable. We had ISO in multiple countries and some “Internal Controls” were applicable as they applied in the same way no matter the geography (account reviews, cctv, etc)

I’m not sure i understand you well, but is unlikely that an organisation will need the same number of “Internal Controls” as “Compliance Requirements” as typically you leverage with a ratio of 3-10, this means that if you have 100 requirements you will most likely need 33-10 “Internal Controls”. For that reason bulk edits typically do the job in a couple of hours (you re-use the same settings over and over).