How Do I Map Requirements and Controls in My KCM GRC Platform?

In your KCM Governance, Risk, and Compliance (KCM GRC) platform, your scopes will include a collection of requirements. These scoped requirements are then "mapped", or linked to, controls. Controls are defined as the documents, processes, or technical implementations that demonstrate how your organization meets its various compliance requirements.
For more information on scopes, requirements, or controls, please see our KCM GRC: Glossary of Terms.

In this article, you'll find instructions for both mapping controls to requirements and mapping requirements to controls. If you're just getting started with your KCM GRC account and you've only created one, or a small number of scopes, mapping controls to requirements may be the easier option for you. If you've created multiple scopes with numerous requirements, we recommend mapping requirements to controls, instead.

See the following sections to learn more.

Jump to: 

Prerequisites
Mapping Controls to Requirements
Mapping Requirements to Controls
Unmapping Requirements and Controls

• Unmapping Requirements from the View Control Page
• Unmapping Controls from the View Scoped Requirement Page

Prerequisites

Before you can map requirements and controls, be sure the following tasks are complete:

1. You have created a scope that contains a set of requirements.
   • Scopes are typically created from a managed template or a custom template. For more information see our Converting Templates to Scopes article. 
2. You have created controls for the requirements in this scope.
   • You can either create controls one-by-one or create controls in bulk. For instructions, see our Creating and Importing Controls article.

Back to top

Mapping Controls to Requirements

You have the option to map a control to one or more "scoped" versions of a requirement. Meaning, if a control applies to a requirement that is included in multiple scopes, you will map the control to each scoped version of the requirement. 

Follow the steps below to map a control to the applicable requirement or requirements:

1. Click Controls from the navigation menu on the left-hand side of your account.
2. Scroll or use the search bar under the Name or Description columns to find the control that you want to map to a requirement.
   
3. From the Name column, click the control name to open the control.
4. Toward the bottom of the View Control page, you will see six tabs. Click the Requirements tab. 
   
5. Click the Map to Requirements button. 
6. Use the search bar under the Name column or Description column to find the requirement or requirements that are applicable to this control (shown below).
   
   Or, to scroll through all of your requirements, click the arrows at the bottom of the window.
   
   Note: If a requirement exists in more than one scope, each scoped version of a requirement is displayed in this window. Map the control to each of the applicable scoped requirements.
7. Click the checkbox on the left-hand side of each requirement that the control should be mapped to.
   
8. When you've finished making your selections, click Save.
9. Now, repeat steps 1-8, above, until you've mapped all of your controls to the applicable requirements.
   
   Tip: To navigate back to the Controls Library from the View Control page, click Controls in the top right-hand corner of the page (click to view).

After you've finished your control-to-requirement mappings, you will create task schedules for the mapped controls. Creating task schedules will ensure that your organization is continuously satisfying the control, and therefore, satisfying the associated (mapped) requirements. To learn more about creating task schedules for controls, see our Working With Task Schedules for Controls article.

Back to top

Mapping Requirements to Controls

Once you've created a scope that contains a set of requirements, you can map the requirements to the appropriate controls. 

Follow the steps below to map your scoped requirements to controls: 

1. Open the scope containing the requirements that you want to map to the appropriate controls. From the navigation menu on the left side of your account, click Compliance > Scopes.
2. From the View All Scopes page, click the scope name under the Name column to open the scope. 
   
3. Click the Requirements tab. 
   
4. Open the first requirement that you want to map to a control by clicking the requirement name under the Name column.
5. From the View Scoped Requirement page, click the Map Controls to Requirement button.
   
6. The Map Controls to Requirement window shows all of the controls that are available in your account. Use the search bar under the Name column or Description column to find the control or controls that are applicable to this requirement (shown below).
   
   Or, to scroll through all of your controls, click the arrows at the bottom of the window.
   
7. Click the checkbox on the left-hand side of each control that the requirement should be mapped to.
   
8. When you've finished making your selections, click Save. Then, under the Controls area of the View Scoped Requirement page, you will see the control that you have just mapped. 
9. Repeat steps 5-8 above, for each of the remaining requirements in your scope. To open the next requirement in your scope, click the Next Requirement button in the top-right corner of the page. 

After you've finished your requirement-to-control mappings, you will create task schedules for the mapped controls. Creating task schedules will ensure that your organization is continuously satisfying the control, and therefore, satisfying the associated (mapped) requirements. To learn more about creating task schedules for controls, see our Working With Task Schedules for Controls article.

Back to top

Unmapping Requirements and Controls

There are two areas in your account where you can remove (unmap) the relationship between a requirement and a control: The View Control page and the View Scoped Requirement page. See the following sections to learn more. 

Unmapping Requirements from the View Control Page

Open the control that you wish to unmap a requirement from. Follow the steps below:

1. Click Controls from the navigation menu on the left-hand side of your account.
2. Scroll or use the search bar under the Name or Description columns to find the control that you want to unmap from a requirement.
   
3. From the Name column, click the control name to open the control.
4. From the View Control page, click the Requirements tab.
   
5. Here you will see the scoped requirements that are mapped to this control. Click the Unmap button to the right of the requirement or requirements that you would like to unmap, as shown below.
   

Back to top

Unmapping Controls from the View Scoped Requirement Page 

Open the scoped requirement that you wish to unmap from a control. Follow the steps below:

1. Navigate to the scope that contains this scoped requirement. Click Compliance > Scopes from the menu on the left-hand side of your account.
2. From the View All Scopes page, open the scope by clicking the scope name under the Name column. 
   
3. Click the Requirements tab. 
   
4. Use the search bar under the Name column or Description column to find the requirement that you want to unmap from a control. From the Name column, click the requirement name to open the requirement.
5. From the Controls area of the View Scoped Requirement page, you'll see the controls that are mapped to this requirement. Click the Unmap button on the right-hand side of the control that you would like to unmap.
   

Back to top