I think our approach to ISO 27001 documentation is a little different, so forgive me if my perspective is not completely aligned. Disclosure done, I would handle what your situation by uploading your ISMS (single document?) as a Document (or Policy, depending on the particulars of your use case) and then mapping the 50 controls that are supported by that Document. That solves the multi-upload situation, but still requires mapping the controls. This is tedious but much less work and less messy to maintain than uploading the same Document 50 times. There is an API solution for doing the mapping: API Mapping Workflow To link an existing document to a control programmatically, follow these steps: Retrieve IDs: You must first obtain the unique documentId and controlId for the items you wish to link. List controls using GET /controls.
List documents using GET /documents.
Execute the Mapping: Use the following POST endpoint to create the link:
Endpoint: POST /controls/{controlId}/documents.
Action: This adds a mapping between the specified control and document, effectively using the document as evidence for that control.
