n:m relation between reference controls and applied controls

[magic-k]

Ciso Assistant allows only 1:n relations between reference controls and applied controls meaning one reference control can have multiple assigned applied controls but applied controls can only have on reference control.
We do have quite a few measures that relate to multiple ISO controls, like e.G. a "working contract" relates to
5.4 Management responsibilities
6.4 Disciplinary process
6.5 Responsibilities after termination or change of employment
6.6 Confidentiality or non-disclosure agreements

As the contract contains passages for these themes.
In an audit, that follows the reference controls that could lead to overlooking applied controls or non-conformities that are not related to the applied control that failed the audit.

[omni-front]

For handling an n:m relation between reference controls and applied controls, this is currently not supported directly by Ciso Assistant as it only allows 1:n relations. However, you might consider using a workaround by creating composite reference controls that encompass multiple ISO controls or using tags/labels to link applied controls to multiple reference controls. Check the Docs section at intuitem.gitbook.io/ciso-assistant for potential features or community discussions that might offer more tailored solutions.