- Stream 1: Certification Schemes: Allows users to upload, compare, customize, and map certification schemes and controls.
- Stream 2: Targets of Evaluations: Allows users to define certification targets, link evidence tools, and manage access rights.
- Stream 3: Audit Scopes: Combines schemes and targets to review results, assign tasks, and generate assessments and reports.
This post takes a closer look at Stream 1: Certification Schemes, with a particular focus on the central role of metrics-to-controls mapping.
Overview of Certification Schemes
Stream 1 is a core component of the EMERALD Compliance-as-a-Service workflow and supports the structured management of certification schemes. Upon entering the certification schemes section of the EMERALD UI, users are presented with a consolidated overview of all available schemes as presented in Figure 1 below. Each entry displays key metadata such as the scheme version and the date and time of upload.
Depending on their access rights, users can open a certification scheme to explore its content, initiate the mapping of controls and metrics, or remove outdated versions. This centralized overview enables organizations to unify, compare, and standardize multiple compliance frameworks within a single interface.
Mapping Metrics to Controls
One of the most important functionalities of Stream 1 is the mapping of metrics to controls, which translates certification requirements into measurable and verifiable compliance evidence, as shown in Figure 2. This process is supported by the MARI tool that offers AI-based metric suggestions. The metrics-to-controls mapping view is accessible directly from the certification scheme overview and follows a structured workflow that explicitly prioritizes human oversight: automated recommendations serve as decision support, while users retain full control to review, adapt, or modify all suggested mappings.
Figure 2 shows that for each selected control, EMERALD presents a ranked list of suggested metrics, including metric identifiers, similarity scores, short descriptions, sources, and operators. Users can remove unsuitable metrics, add missing ones from the complete metrics catalogue, and finalize the mapping by saving it. Saving a mapping simultaneously marks it as approved.
This final approval step marks the mapping as validated and ensures that all AI-assisted recommendations are transparent, accountable, and explicitly approved by domain experts before use.
From Requirements to Measurable Compliance
By linking certification controls to concrete metrics, Stream 1 bridges the gap between formal compliance requirements and operational evidence. Rather than treating certification as a static checklist, EMERALD enables continuous and measurable compliance monitoring. The metrics-to-controls mapping ensures that each control is backed by relevant reusable data points, improving transparency, auditability, and trust.
In summary, Stream 1 of the EMERALD interface provides a comprehensive environment for managing certification schemes, with metrics mapping serving as the foundation for evidence-based and scalable compliance management.