How Do I Map Requirements and Controls in My KCM GRC Platform?
In your KCM Governance, Risk and Compliance (KCM GRC) platform, your Scopes will include a collection of Requirements. These Requirements are then mapped, or “assigned,” to Controls. Controls are defined as the documents, processes, or technical implementations that demonstrate how your organization meets its various compliance requirements.
For more information on KCM GRC Controls, see our KCM GRC: Glossary of Terms.
In this article, you'll find instructions for both mapping Controls to Requirements and mapping Requirements to Controls. If you're just getting started with your KCM GRC account and you've created only one Scope or a small number of Scopes, mapping Controls to Requirements may be the easier option for you. Otherwise, if you've created multiple Scopes with numerous Requirements, we recommend mapping Requirements to Controls instead.
First, make sure you've created your Scope's Requirements and the Controls necessary to meet those Requirements. You can either create Controls one-by-one or create Controls in bulk. Follow our Getting Started with the KCM GRC Platform guide for assistance with creating Scopes and Controls.
Mapping Controls to Requirements
Follow the steps below to map the Controls you've created to the applicable Requirement(s).
- Once you've logged into your KCM GRC account, navigate to your Controls Library by clicking Controls from the navigation panel. Here you'll see a list of all the Controls that have been created in your account.
- Scroll or use the Search Control Names search bar to locate a Control you'd like to map to a Scope Requirement.
- From the View Control page, click the Requirements tab and then the Map to Requirement button.
- From the Map Control to Requirements page, use the + button(s) in the Map to Control column to immediately map the Control to one or more applicable Requirements.
You can also use the Search Requirements search bar to quickly find the applicable Requirement(s).
- Once you've finished mapping the Control to the appropriate Requirement(s), click the Done Mapping button at the top-right of the page.
Repeat this process until you've mapped all of your Controls to the applicable Requirements.
After you've finished, you'll need to create a Task Schedule and assign the Control to a User Responsible. See this article for more information.
Mapping Requirements to Controls
Follow the steps below to map your Scope Requirements to the applicable Controls.
- Once you've logged into your KCM GRC account, navigate to the applicable Scope by clicking Compliance > Scopes > View Scopes from the navigation panel.
- From the View All Scopes page, click on the name of the Scope containing the Requirements that need to be mapped to Controls.
- From the View Scope page, click the Requirements tab.
- Under the Requirements tab, click the name of the first (or any) Requirement in the list.
- From the View Requirement page, click the Map to Control button. A list of all Controls will be displayed.
- Scroll or use the Search Controls search bar to locate the appropriate Control for the Requirement.
- Use the + button in the Map to Requirement column to immediately map the Requirement to one or more applicable Controls.
- Once you've finished mapping the Requirement to the appropriate Control(s), click the Done Mapping button at the top-right of the page.
Navigate through the Scope's remaining Requirements and repeat this process until you've mapped all applicable Requirements to at least one Control.
After you've finished, you'll need to create a Task Schedule and assign the Control to a responsible user. See this article for more information.