Minimizing Hallucinations by Providing Control Lists to ISMS Copilot

Although ISMS Copilot has been trained on the control references of most information security standards, the safest way to prevent hallucinations is to paste the exact control lists you need to work with directly into your prompt.

Why This Works

When you copy-paste the exact controls you're working with into your prompt, you:

How to Effectively Provide Control Lists

For Control Mapping:

  1. Copy-paste both source and target framework controls:

    I need to map these ISO 27001 controls:
    A.5.1 - Information security policies
    A.5.2 - Review of the information security policies
    
    To these NIST CSF controls:
    ID.GV-1: Organizational information security policy is established
    ID.GV-2: Information security roles & responsibilities are coordinated

  2. For complex mappings, provide in batches: Break down large frameworks into manageable sections (5-10 controls at a time)

  3. Include control descriptions when available: The more context you provide, the more accurate the mapping will be

For Gap Analysis:

Here are our current controls:
[paste your organization's controls]

I need to map these to ISO 27001:2022 Annex A controls:
[paste relevant ISO controls]

Please identify gaps and suggest improvements.

Example Workflow

  1. Prepare your control lists from official documentation
  2. Structure your prompt with clear instructions
  3. Paste relevant controls directly into the prompt
  4. Ask for specific outputs (mapping table, gap analysis, etc.)
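The workflow above, as an added example that is not ISMS Copilot's own code: a small Python script that batches a control list (the page suggests 5-10 controls per prompt), renders each batch as a prompt in the layout shown above, and then checks the model's reply for control IDs that were never supplied, which is the kind of hallucination the page is guarding against. The control titles, the ID regex and the sample reply are constructed assumptions, not text from the standards or from the tool.

```python
"""
Added example (not ISMS Copilot's own code): build batched control-mapping
prompts from structured control lists and flag control IDs in a model reply
that were never supplied. All control text here is constructed sample data.
"""
import re
from typing import Dict, Iterator, List

# Constructed sample lists in the page's "ID - title" form. In real use the
# titles come from your licensed copy of the standard, not from memory.
ISO_CONTROLS: Dict[str, str] = {
    "A.5.1": "Information security policies",
    "A.5.2": "Review of the information security policies",
}
NIST_CONTROLS: Dict[str, str] = {
    "ID.GV-1": "Organizational information security policy is established",
    "ID.GV-2": "Information security roles & responsibilities are coordinated",
}

# One pattern for both identifier schemes used on the page (assumption: the
# model writes IDs exactly as supplied, e.g. "A.5.1" or "ID.GV-1").
ID_PATTERN = re.compile(
    r"\bA\.\d+\.\d+\b"             # ISO 27001 Annex A style
    r"|\b[A-Z]{2}\.[A-Z]{2}-\d+\b"  # NIST CSF subcategory style
)


def batches(controls: Dict[str, str], size: int = 5) -> Iterator[Dict[str, str]]:
    """Yield the control dict in chunks of `size` (the page suggests 5-10)."""
    items = list(controls.items())
    for start in range(0, len(items), size):
        yield dict(items[start:start + size])


def format_controls(controls: Dict[str, str], sep: str = " - ") -> str:
    """Render controls one per line, e.g. 'A.5.1 - Information security policies'."""
    return "\n".join(f"{cid}{sep}{title}" for cid, title in controls.items())


def build_mapping_prompt(source: Dict[str, str], target: Dict[str, str]) -> str:
    """Render one batch as a prompt in the page's layout: source list, then target list."""
    return (
        "I need to map these ISO 27001 controls:\n"
        f"{format_controls(source)}\n\n"
        "To these NIST CSF controls:\n"
        f"{format_controls(target, sep=': ')}\n\n"
        "Return a mapping table using only the control IDs listed above."
    )


def unsupported_ids(response: str, *provided: Dict[str, str]) -> List[str]:
    """Control IDs cited in the reply that are in none of the supplied lists,
    in order of first appearance. Catches invented identifiers only; a wrong
    pairing of two real IDs still needs a human reviewer."""
    allowed = set().union(*(d.keys() for d in provided))
    seen: List[str] = []
    for cid in ID_PATTERN.findall(response):
        if cid not in allowed and cid not in seen:
            seen.append(cid)
    return seen


# Constructed reply: the last row cites two IDs that were never provided.
SAMPLE_REPLY = """\
| ISO 27001 | NIST CSF |
| A.5.1 | ID.GV-1 |
| A.5.2 | ID.GV-2 |
| A.99.9 | ID.GV-9 |
"""

if __name__ == "__main__":
    for batch in batches(ISO_CONTROLS, size=5):
        print(build_mapping_prompt(batch, NIST_CONTROLS))
        print("-" * 40)
    print("Unsupported IDs:", unsupported_ids(SAMPLE_REPLY, ISO_CONTROLS, NIST_CONTROLS))
```

The check is deliberately narrow: it only confirms that every identifier in the reply came from the lists you pasted, which is the specific failure that pasting control lists is meant to prevent. Whether A.5.1 really corresponds to ID.GV-1 is still a judgement for the person running the mapping.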