Map Controls to a Risk

Once a risk is scored, the next step is to define how it is mitigated. In Sprinto, you do this by mapping security controls to each risk. Controls are preventive or corrective measures that reduce the likelihood or impact of the risk.

Access the Controls Mapping Section

To get started, navigate to a risk that is already scored:

1. Go to Risks from the left navigation.

2. Click on the Risk Register tab.

3. Locate and click on a scored risk.

4. Scroll to the Controls to treat the risk section.

5. Click Map controls (Sprinto AI assisted) to open the mapping panel.

Map Controls Manually

1. In the mapping panel, use the left navigation to filter by control category (e.g. People, Policies, Risks).

2. Use the search bar to find relevant controls by number, description, or framework.

3. Select one or more controls using the checkboxes.

4. Review the control details including:

   • Control description

   • Associated Frameworks (e.g. ISO 27001, PCI DSS)

   • Control owner (if assigned)

5. Click Save mapping.

✅ Once mapped, the controls are listed under the selected risk and reflected in audit documentation and reports.

Use AI-Assisted Mapping (Optional)

Sprinto provides intelligent control suggestions based on risk profile and category.

1. Click the Sprinto AI tab from the mapping panel.

2. Review the list of suggested controls.

3. Select the ones that apply.

4. Click Save Mapping.

💡 AI-assisted mapping is especially useful when dealing with bulk-uploaded risks or similar risk types.

Review and Edit Mappings

• To remove a control, click the bin icon next to the mapped control.

• To edit a control’s attributes, click into the control’s linked details view.