Control Mapping
Policy & AuthorityControl Mapping connects extracted or manually defined controls to policies, creating traceability from policy requirements to operational implementation. Each control tracks implementation status, ownership through RACI assignments, and supports documentation through comments and attached documents.
Control mappings can be generated automatically through Content Digestion or created manually. Controls are linked to their parent policies in the Policy Library, and compliance monitoring is handled through Enforcement.
Mapping types
Each control-to-policy mapping has a type that describes how directly the control implements the policy requirement.
| Type | Description |
|---|---|
| DIRECT | The control directly implements a specific policy requirement |
| INDIRECT | The control supports a policy requirement but is not a direct implementation |
| SUPPORTING | The control provides foundational support for multiple policy requirements |
Mapping sources
Mappings are created through one of two sources, tracked for auditability.
| Source | Description |
|---|---|
| MANUAL | Control mapping created manually by a user |
| AUTO_EXTRACTED | Control mapping generated by the Content Digestion AI extraction process |
Control detail page
Navigate to a policy’s Controls tab and select a control to open its detail view. The detail page provides:
- Implementation status with a status badge indicating current progress
- Policy statement that the control addresses
- Implementation requirements describing what must be done to satisfy the control
- RACI Matrix defining Responsible, Accountable, Consulted, and Informed role assignments for the control
- Comments providing a discussion thread for collaboration on the control
- Documents for attaching evidence and supporting documentation
Implementation statuses
Controls progress through four implementation statuses as work advances from identification through verification.
| Status | When to use |
|---|---|
| NOT_IMPLEMENTED | Control has been identified but no work has begun |
| IN_PROGRESS | Implementation is actively underway |
| IMPLEMENTED | Control is in place but not yet verified |
| VERIFIED | Control has been independently verified as effective |
My Control Implementations
Navigate to Policy Lifecycle > My Controls for a personal view of all controls assigned to you. This view filters across all policies to show only controls where you are the control owner or implementer, making it easy to track your personal compliance responsibilities.
Open My Controls
Navigate to Policy Lifecycle > My Controls in the sidebar.
Review assigned controls
The list displays all controls where you are assigned as the owner or implementer, spanning every policy in the tenant.
Update implementation status
Select a control to open its detail page, update the implementation status, add comments, or attach supporting documentation.
Permissions
| Permission | Access |
|---|---|
policy:manage | Create, edit, and delete control mappings, update implementation status, manage RACI assignments |
policy:read | View control mappings, implementation statuses, and attached documentation |