Computer attacks occur in a constantly changing environment. To meet these challenges, it is necessary to implement a global approach to risk management within the organization. The mapping of the Information System allows to have a global view of all the elements which compose the information system to obtain a better readability, and thus a better control. The elaboration of a cartography participates in the protection, the defense and the resilience of the information system. It is an essential tool for the control of its Information System and is an obligation for Operators of Vital Importance (OVI) and is part of a global risk management and a global risk management approach. At a time when cyberattacks are growing in number and complexity, it is necessary for organizations to develop a general risk management strategy. As part of an overall approach, Mercator is a key tool in keeping control over the information system. It provides insight into all of the information system’s components and a clearer picture of the information system by presenting it from different angles. Mercator helps organisations mapping their information systems in order for them to meet the operational requirements of cybersecurity. It helps to build a map in five simple, practical steps. It can be used by any organisation, irrespective of their type, size, maturity in terms of cybersecurity or the complexity of their information system. It is Open Source and can be used by organisations in the public and private sectors alike.