Aller au contenu principal
Version: Next 🚧

Compliance Frameworks

Manage compliance with industry-standard security frameworks and regulatory requirements.

Supported Frameworks​

Security Frameworks​

NIST Cybersecurity Framework​

Comprehensive cybersecurity guidance:

  • Identify
  • Protect
  • Detect
  • Respond
  • Recover

ISO 27001​

Information security management:

  • 114 controls
  • 14 control domains
  • Certification support
  • Continuous compliance

SOC 2​

Trust services criteria:

  • Security
  • Availability
  • Processing Integrity
  • Confidentiality
  • Privacy

CIS Controls​

Prioritized security actions:

  • Implementation Groups (IG1, IG2, IG3)
  • Specific safeguards
  • Measurable outcomes

Industry Regulations​

PCI DSS​

Payment card security:

  • 12 requirements
  • Quarterly assessments
  • Merchant levels
  • Service provider requirements

HIPAA​

Healthcare data protection:

  • Privacy Rule
  • Security Rule
  • Breach notification
  • Business associates

GDPR​

Data privacy (EU):

  • Data subject rights
  • Processing requirements
  • Cross-border transfers
  • Breach notification

Managing Frameworks​

Adding Frameworks​

  1. Navigate to Compliance → Frameworks
  2. Click Add Framework
  3. Select framework from library
  4. Configure scope
  5. Begin mapping

Framework Dashboard​

For each framework:

  • Compliance percentage
  • Control status
  • Gap count
  • Last assessment

Scoping​

Define what's in scope:

  • Business units
  • Systems
  • Data types
  • Locations

Control Management​

Viewing Controls​

  • Control list by domain
  • Status indicators
  • Ownership
  • Evidence links

Control Details​

For each control:

  • Control description
  • Requirements
  • Implementation guidance
  • Evidence requirements
  • Assessment history

Control Status​

  • Implemented - Fully compliant
  • Partially Implemented - Gaps exist
  • Not Implemented - Not in place
  • Not Applicable - Out of scope

Assessment Process​

Conducting Assessments​

  1. Select controls to assess
  2. Gather evidence
  3. Evaluate compliance
  4. Document findings
  5. Update status

Assessment Types​

  • Self-assessment
  • Internal audit
  • External audit
  • Continuous monitoring

Assessment Schedule​

  • Annual full assessments
  • Quarterly reviews
  • Continuous monitoring
  • Event-triggered assessments

Evidence Management​

Evidence Requirements​

Each control specifies:

  • Required evidence types
  • Collection frequency
  • Retention period
  • Format requirements

Collecting Evidence​

  • Automatic collection (integrations)
  • Manual upload
  • Screenshot capture
  • Document linking

Evidence Review​

  • Review and approve
  • Link to controls
  • Version management
  • Audit trail

Gap Remediation​

Identifying Gaps​

  • Assessment findings
  • Failed controls
  • Missing evidence
  • Partial implementation

Remediation Planning​

  1. Prioritize gaps
  2. Define remediation actions
  3. Assign owners
  4. Set deadlines
  5. Track progress

Tracking Progress​

  • Remediation status
  • Due date tracking
  • Owner accountability
  • Escalation procedures

Framework Mapping​

Cross-Framework Mapping​

Map controls across frameworks:

  • Common requirements
  • Reduce duplication
  • Single evidence
  • Unified view

Custom Mappings​

Create your own mappings:

  • Internal requirements
  • Customer requirements
  • Custom frameworks
  • Combined views

Reporting​

Framework Reports​

  • Compliance summary
  • Control details
  • Gap analysis
  • Trend analysis

Certification Support​

  • Evidence packages
  • Assessment documentation
  • Auditor access
  • Certification tracking

Best Practices​

  1. Start with one framework - Build competency
  2. Map controls completely - Full coverage
  3. Assign owners - Clear accountability
  4. Gather evidence continuously - Don't wait for audits
  5. Use cross-mapping - Reduce duplication
  6. Track trends - Monitor improvement

Related: