Setting up your first framework

  • Quick Start vs Framework Only Import 
  • Selecting a framework
    • Overview screen
    • Objective screen
  • Filling out objectives
    • Direct management
    • Managing through controls
  • Next Steps
    • Manual mapping with frameworks
    • Centralized mappings with internal controls

 

Quick Start vs Framework Import?

 

Using ControlMap's Quick Start feature to launch either SOC 2 or ISO 27001 with pre-mapped policies and evidence often makes sense, especially if it is your first time launching either of those frameworks. However, what if you want to start with a different framework, or manually map policies and evidence based on prior work elsewhere? In the linked article, we review how to use Quick Start and how to take advantage of its automations. In this article, we review the alternative: launching a framework and its controls only, without Quick Start.

 

Importing a framework and its controls only makes sense if you have already developed a comprehensive set of controls that work for your organization, or if you need to start with an industry-specific framework like HIPAA. In those cases, a manual setup may be the correct choice for you.

 

Selecting a framework

   

Navigate to "My Frameworks" on the left navigation bar. Then click the purple "New Framework" button.

 


 

 

Here you see a list of frameworks. The Quick Start frameworks are listed at the top, while the remaining frameworks are listed under "All Frameworks". Select the framework you would like to start with.

 

Importing

Once you have clicked on a framework, you will be asked to Start Content Import. Click "Start Import" and the import will begin.

   


 

After the import is completed, you will see a list of framework requirements. You can drill down into these objectives to see the mapping options you have available to you.

 


 

Next Steps

 

From here, you have many options for managing your compliance framework. You can manually map policies and evidence to each requirement, or you can use internal controls to centralize and mesh together the mappings.