Skip to main content

Exporting your control mapping

Download your control and requirement mapping for distribution

Updated over a week ago

Often, your auditor or internal team will request a mapping of your controls and requirements. Drata allows you to export them for easy distribution.

BEFORE DIVING IN

Only Administrators and the Information Security Lead have access to this section within Drata.

HERE'S HOW

In the upper right corner of your 'Frameworks' page, select the settings icon.

You will then be given the option to download 'Requirements to controls' or 'Controls to requirements'.

  • Requirements to controls shows data starting from the SOC 2 Trust Services Criteria (TSC).

    • It maps each SOC 2 requirement to the relevant controls, with a separate line item for every requirement.

    • Because a single control can map to multiple requirements, some controls may appear multiple times in column F.

  • Controls to Requirements shows data starting from the Drata Control Framework.

    • It lists each control and shows the requirements it maps to.

    • Each control appears once, with its corresponding mapped requirements.

Upon downloading, you will be provided a CSV file including your controls and requirements. Any controls that have been marked as 'Out of Scope' will not be included in the CSV download.

Did this answer your question?