Compliance & ISO — run a validation

Manage frameworks (ISO 27001, NIS2, GDPR/AVG …), controls and evidence with a live compliance score. You enable the frameworks you need, work through their controls, attach evidence, and run automated validation checks against your assets and connected systems. Everything rolls up into an audit-ready export.

Steps

1. Enable the frameworks you need

In the Framework packs table, click Enable next to each standard you must comply with (e.g. ISO 27001, NIS2, GDPR). Their controls then appear in the checklist, gap analysis and exports.

2. Work through the controls

In the Controls table, set each control's Status (not started → in progress → implemented → validated), assign an Owner and a Next review date, and add notes. Use SoA (Statement of Applicability) to mark controls Applicable or Not applicable.

3. Attach evidence

Click Add evidence (or the upload icon on a control / a gap). Enter the control reference, a title, the framework, and the evidence and expiry dates, then Save. Submitted evidence can be Approved or Rejected by a reviewer; expiring evidence raises alerts.

4. Run a validation (automated checks)

In the Monitoring card (or the Automated controls section) click Run now. The app scans your assets and connected integrations and reports, per check, how many items are compliant versus gaps. Click a check with gaps to see exactly which assets fail and jump straight to them.

5. Schedule monitoring & manage drift

Set the check schedule to Off, Daily or Weekly. When a previously-compliant control drifts, it is highlighted in the drift alert so you can act before an audit.

6. Track risks, audits, policies & tasks

Add risks to the risk register (likelihood × impact = score, with a treatment plan), create audits and log findings, draft and approve policies (AI-assisted), and create one-off or recurring compliance tasks — all from this page.

7. Export an audit package

Click Export package for a full audit-ready report (asset register, risk register, control coverage, evidence and audit trail), or SoA to export the Statement of Applicability. The compliance score breakdown shows how each area (controls, evidence, tasks, actions, risk) is weighted.

TIP

Most create/edit/approve actions need the Compliance role; everyone can view the dashboards, registers and catalog read-only. Validation checks need at least one integration connected to be meaningful.