Requirements and Controls

How to Map Requirements and Controls

In your KCM GRC platform, your scopes will include a set of requirements. You can map these requirements to controls to demonstrate how your organization meets its various compliance requirements. For more information about scopes, requirements, and controls, see our Glossary of Compliance Terms.

Note: Under the Risk Management module, you can use also map controls to risks to document the preventative measures that your organization is using to defend against risks. For more information, see our How to Create and Map Risk Controls article.

In this article, you can find instructions for mapping controls and requirements. If you're just getting started with KCM GRC and you've only created a small number of scopes, mapping controls to requirements may be the easier option for you. If you've created multiple scopes that have requirements, we recommend mapping requirements to controls instead.

See the sections below to learn how to map controls to requirements, map requirements to controls, and unmap requirements and controls.

Prerequisites

Before you can map requirements and controls, you will need to complete the actions listed below:

  1. Create a scope that contains a set of requirements. You can create a scope by converting a managed template or a custom template into a scope. For more information, see our How to Convert a Template to a Scope article. 
  2. Create controls for the requirements in the scope. You can either create controls individually or in bulk. For more information, see our How to Create Controls from Scoped Requirements article.

Mapping Controls to Requirements

Once you've created controls and requirements, you can map the controls to one or more scoped requirements.

To map a control to a requirement, follow the steps below:

  1. From your navigation panel, select the Controls tab.
  2. In the Name column, select a control. When you select a control, you'll be taken to the View Control page.
  3. Scroll to the bottom of the View Control page.
  4. Select the Requirements subtab. 
  5. Click the Map to Requirements button. When you click this button, a window will display a list of requirements that you can map to the control. 
    Note: If a requirement is included in more than one scope, each scoped version of a requirement will display in this window. You will need to map the control to each scoped version of the requirement.
  6. Click the check box next to each requirement you would like to map the control to. 
  7. Click the Save button.
  8. Repeat steps 1-8 above until you've mapped all of your controls to requirements.
    Tip: To navigate back to the Controls Library from the View Control page, click Controls in the top-right corner of the page.

After you've finished mapping controls to requirements, we recommend that you create tasks for the mapped controls. Creating tasks can help you ensure that your organization is continuously satisfying the control and the requirements that are mapped to the control. For more information, see our How to Work with Tasks for Controls article.

Mapping Requirements to Controls

Once you've created a scope that contains a set of requirements, you can map the requirements to controls. 

To map scoped requirements to controls, follow the steps below: 

  1. From your navigation panel, navigate to Compliance > Scopes.
  2. In the Name column, select the scope containing the requirements that you want to map to controls. When you select a scope, you'll be taken to the View Scope page.
  3. Select the Requirements subtab. 
  4. From the Name column of this subtab, select a requirement that you would like to map to a control. When you select a requirement, you'll be taken to the View Scoped Requirement page. 
  5. In the Controls section of the page, click the Map Controls to Requirement button. When you click this button, a window will display all of the controls that are available in your account. Map Controls to Requirement button
  6. Select the checkbox next to the controls that you would like to map the requirement to.
  7. Click the Save button. Then, under the Controls area of the View Scoped Requirement page, you can view the controls that you mapped. 
  8. Repeat steps 5-8 above, for each of the remaining requirements in your scope.
    Tip: To open the next requirement in your scope, click the Next Requirement button in the top-right corner of the page.

After you've finished mapping requirements to controls, we recommend that you create tasks for the mapped controls. Creating tasks will help you ensure that your organization is continuously satisfying the control and the requirements that are mapped to the control. For more information, see our How to Work with Tasks for Controls article.

Unmapping Requirements and Controls

To unmap requirements and controls, you can either unmap requirements from controls or unmap controls from requirements. These methods will both remove the mapping between the requirement and the control, so you can choose your preferred method. 

To learn how to unmap requirements and controls, see the subsections below.   

Unmapping Requirements from Controls

From the View Control page, you can unmap a requirement from a control.

To unmap a requirement from a control, follow the steps below:

  1. From your navigation panel, select the Controls tab. 
  2. From the Name column, select a control. When you select a control, you'll be taken to the View Control page. 
  3. From the View Control page, select the Requirements subtab.
  4. Click the Unmap button next to the requirements that you would like to unmap from the control. 

Unmapping Controls from Requirements

From the View Scoped Requirement page, you can unmap a control from a requirement.

To unmap a control from a requirement, follow the steps below:

  1. Navigate to Compliance > Scopes from your navigation panel. 
  2. Under the Name column, select a scope. When you select a scope, you'll be taken to the View Scoped Requirement page. 
  3. Select the Requirements subtab. 
  4. From the Name column of this subtab, select a requirement name. When you select a requirement, you'll be taken to the View Scoped Requirement page. 
  5. From the Controls section of the page, click the Unmap button next to any controls that you would like to unmap from the requirement.  View Scoped Requirement page, circled Unmap button under the Control area

Can't find what you're looking for?

Contact Support