Although ISMS Copilot is trained on the control references of most information security standards, the safest way to prevent hallucinations is to provide the control lists you need to work with directly in your prompt.
When you copy-paste the exact controls you're working with into your prompt, you:
Copy-paste both source and target framework controls:
I need to map these ISO 27001 controls:
A.5.1 - Information security policies
A.5.2 - Review of the information security policies
To these NIST CSF controls:
ID.GV-1: Organizational information security policy is established
ID.GV-2: Information security roles & responsibilities are coordinated
For complex mappings, provide in batches: Break down large frameworks into manageable sections (5-10 controls at a time).
Include control descriptions when available: The more context you provide, the more accurate the mapping will be.
Here are our current controls:
[paste your organization's controls]
I need to map these to ISO 27001:2022 Annex A controls:
[paste relevant ISO controls]
Please identify gaps and suggest improvements.