Governance

Compliance mapping

Compliance mapping connects technical vulnerability evidence and remediation activity to control intent, governance obligations, and audit-ready reporting narratives.

For: compliance teams, auditors, governance leads, and procurement reviewers.

Last updated: 28 April 2026

Mapping principles

Mapping is evidence-first. Controls are not marked as effective from policy statements alone; supporting operational data and lifecycle outcomes are required to justify assurance positions.

Evidence-linked control view

Control narratives should link to underlying findings, remediation state, verification status, and historical snapshots so reviewers can trace statements to source evidence.

Audit readiness

The goal is defensibility: the same evidence base should support internal reviews, board reporting, and external assurance activities without requiring manual reassembly for each request.
