Map Security Controls to Policies

Link your policies to relevant controls to support evidence collection and compliance reporting.

Sprinto allows you to map each policy, procedure, or document to one or more security controls. Control mapping is essential for frameworks such as ISO 27001, SOC 2, and GDPR, where written documentation must directly support control implementation.

You can map controls manually or use Sprinto’s AI-assisted suggestions.


Before you begin

  • Ensure the policy or document is in Draft or Active status.

  • Make sure you have the required role (Administrator or InfoSec Owner) to modify control mappings.

  • Note that pre-mapped policies generated from Sprinto templates cannot be edited.


Ways to map controls

  • Manual mapping: Select controls directly from the available control categories.

  • AI-assisted mapping: Use Sprinto AI to generate control suggestions based on policy content.


Manually map controls to a policy

  1. Navigate to the All policies & docs tab.

  2. Click on the policy or document you want to map.

  3. In the Controls mapped to policy section, click Map controls.

  4. Use the search bar or browse categories to select relevant controls. You can also click Generate suggestions to get AI assistance in mapping controls.

  5. Click Save mapping after you select the controls you wish to map to your policy.

Mapped controls are listed in the policy details view. These mappings are also visible during audits and evidence exports.


Use AI-assisted control mapping

  1. Open the desired policy.

  2. In the Controls mapped to policy section, click Map controls.

  3. From the left-hand panel, select Sprinto AI.

  4. Click Generate suggestions.

  5. Review the AI-suggested controls (identified by a Sprinto-AI icon).

  6. Select the controls you want to map.

  7. Click Save mapping.

If needed, you can override AI suggestions by adding more controls manually.


View mapped controls

Once saved:

  • All mapped controls are visible in the Controls mapped to policy section.

  • Mapped policies serve as evidence for those controls during audits.

  • Reviewers and approvers can see the mappings during the policy approval workflow.


Limitations

  • Template-generated policies come with predefined control mappings that cannot be modified.

  • Uploaded PDFs or synced documents must first be approved before controls can be mapped.

  • Controls can only be mapped if they exist in the active framework enabled for your organisation.


Next steps

Once controls are mapped:

  • The policy contributes to the “Document should be mapped” check.

  • The policy is available as evidence in control drawers during audit preparation.

  • You can monitor the mapping status from the Monitoring tab.
