Concept Guide | 7 minute read

Managing Cross-Framework Mappings

Why duplicate work? Probatum allows you to map specific evidence to one control (e.g., SOC 2) and automatically apply it to equivalent controls in other frameworks (e.g., ISO 27001).

The Compliance Many-to-Many Problem

Most companies adhere to multiple frameworks. A single security process, like "Access Control," satisfies requirements across SOC 2, ISO 27001, HIPAA, and GDPR.

Traditionally, you would have to upload and tag the same evidence 4 times. With Cross-Framework Mappings, you do it once.

How it works

Source Control: SOC 2 - CC6.1
Mapped To:
  - ISO 27001 - A.9.4.1
  - HIPAA - 164.312(a)(1)

When you verify evidence for CC6.1, Probatum automatically tags relevant chunks as "implicitly mapped" to A.9.4.1 and 164.312(a)(1).

How to Use Mappings

  1. Select a Control: Navigate to the Controls Dashboard and find a specific control.
  2. View Related: In the control's detail view, look for the "Cross-Framework Mappings" section.
  3. Verify: Click on a related control ID to jump to that framework and see shared evidence.

Automated by Default

We have pre-seeded our database with over 3,000 industry-standard mappings. You don't need to configure these links yourself; they are ready out of the box.