Articles on: Compliance
This article is also available in:

Controls Overview

🛡️ Controls Framework


"From policies to proof: manage, review, and improve your controls in one place."
Centralize your policies and procedures, track their maturity, and stay audit-ready at all times.


Managing controls (policies, procedures, standards, guidelines) becomes complex as organizations grow. Without structure, ownership, and review cycles, controls quickly become outdated and ineffective.


Brainframe’s Controls module provides a central dashboard where you can manage all your controls, track their maturity, and ensure regular reviews with minimal effort.




1️⃣ Accessing the Controls Module


Compliance → Frameworks → Control overview


This opens the Control Overview screen, giving you an immediate, organization-wide view of your control posture.




2️⃣ Control Overview Dashboards


The top section of the page provides real-time dashboards that summarize the state of your controls.


High-level metrics


  • Total controls
  • Number of controls that are mitigating, **meaning they are **actively reducing risks **and meeting requirements.**


Control maturity overview


This chart shows the implementation maturity of your controls, based on the maturity level that you defined for your organization.


Use this view to quickly identify controls that are:

  • Missing or incomplete
  • Implemented but not governed
  • Fully mature and audit-ready



Document maturity overview


This chart focuses on the documentation lifecycle of your controls, which can be defined independently of the control maturity, and allows you to gain visibility on where you have to improve your documentation.



This helps distinguish between:

  • Controls that exist but are undocumented
  • Controls that are documented but not reviewed
  • Controls with a complete governance lifecycle


Tip: A high documentation maturity will save countless hours of work during audits.



Overdue reviews


This panel highlights controls with overdue review dates:


  • Control identifier and name
  • Number of days overdue


This ensures outdated policies and procedures are immediately visible and addressed.




3️⃣ Controls Inventory Table


Below the dashboards is the exhaustive list of all controls registered in Brainframe, along with the relevant metadata to have visibility on ownership, control & documentation maturity, and next review dates.


Search and filtering


You can refine the control list using:


  • Search by name or identifier
  • Filter by control maturity
  • Filter by review status (overdue, upcoming)




4️⃣ Framework Mapping


Controls can be linked to multiple compliance frameworks simultaneously (e.g. ISO 27001, GDPR, NIS2, DORA).


This enables:


  • Reuse of the same control across standards
  • Consistent maturity reporting
  • Reduced duplication and maintenance effort


When the Frameworks mapping button is clicked, you will be presented with this view ⬇️



The Framework Mapping view provides a cross-framework overview of how controls are mapped to compliance requirements.


It allows you to visually assess control coverage across multiple standards and regulations in a single table.


What this view shows


  • Each row represents a control (policy, procedure, or other control document).
  • Each column represents a compliance framework (e.g. GDPR, ISO/IEC 27001, ISO/IEC 27002, NIS2).
  • Each cell shows the requirements that the control is mapped to within that framework.


Mapped requirements are displayed as the requirement IDs and titles.

Empty cells indicate that the control is not yet mapped to that framework.


This allows you to quickly identify controls that are:

  • Reused across multiple frameworks
  • Missing mappings for specific regulations
  • Add or update mappings directly from the table
  • Search controls by name or identifier
  • Filter which frameworks are displayed


When you click on the inside of a cell, you can link more requirements to the control of the corresponding row:


In this case, we clicked on the cell between the "Access Policy" control and the "ISO/IEC 27001" framework, and we can select all the requirements that this control can be mapped to in the standard.


Why this matters


Framework Mapping helps you:


  • Reduce duplication by reusing the same control across standards
  • Demonstrate coverage during audits and assessments
  • Identify gaps where requirements lack supporting controls
  • Maintain consistent governance as new frameworks are added


This view is especially useful for organizations managing multiple overlapping regulations such as ISO 27001, GDPR, NIS2, and sector-specific frameworks.




5️⃣ Best Practices


  • Define ownership early, as unassigned controls quickly become outdated
  • Keep review cycles realistic, especially for critical controls
  • Use maturity ratings honestly. Accuracy beats optimism in audits
  • Always link controls to risks and requirements
  • Monitor overdue reviews regularly



🎯 Visual Checklist


  • [x] Controls module accessed
  • [x] All controls centrally listed
  • [ ] Control ownership assigned
  • [ ] Control maturity evaluated
  • [ ] Document maturity configured
  • [ ] Review cycles defined
  • [ ] Controls linked to frameworks and risks


Updated on: 04/02/2026

Was this article helpful?

Share your feedback

Cancel

Thank you!