mapping is in our experience … miss-leading. this is why eramba uses internal controls to compliance requirements FIRST and compliance requirements to compliance requirements SECOND
we re-enforced this idea of miss-leading these last months as we prepared a base database of mappings for opensourcegrc.org. two resources that might help:
1- read this FAQ we drafted for opensourcegrc , the first 8 pages (sorry) in particular this: OpenSourceGRC FAQ - Google Docs
2- we have mappings (for OSGRC) prepared on this file, they are not “public” but if you have patience you will understnad what they mean and how to import them to eramba (https://docs.google.com/spreadsheets/d/1C2wakH6MFTkP1gAHRbuqFXbpPpcRg6u1E_sRMpj37MU/edit?usp=sharing) .