nexalign

Glossary term

Compliance mapping

Also: Regulatory mapping, Control mapping

The explicit link between a decision (vendor, architecture, control) and the specific regulatory articles, controls or standards it satisfies. Without compliance mapping, a memo cannot be defended under audit against a named clause.

Compliance mapping is the connective tissue between a decision and the regulatory framework it sits inside. A memo that says the decision is DORA-compliant without mapping to Art. 5, Art. 28 or Art. 30 is not actually audit-ready; the auditor will ask which article exactly.

A usable mapping lists the article or control in full, summarises the expectation in one sentence, and states which part of the decision satisfies it, with a link to the evidence. If the same decision maps to multiple frameworks (DORA plus NIS2 plus ISO 27001), the mapping is layered, not duplicated.

In DecisionOS, compliance mapping is a first-class field on each memo so the same structural data drives the audit view, the board view and the vendor-due-diligence view without rework.
