Policy-to-Control Mapping

Mapping Template

| Standard | Control | Evidence | Owner | Frequency |
|---|---|---|---|---|
| PRD-STD-002 | Mandatory human review | PR approvals | Eng Manager | Per PR |
| PRD-STD-004 | Security scans in CI | Scan logs | Security Engineer | Per PR |
| PRD-STD-007 | Quality gates | CI reports | Platform Engineer | Per PR |
| PRD-STD-008 | License checks | Dependency reports | Compliance Officer | Weekly |

Operating Rule

Every control must have an accountable owner and retrievable evidence.