Compliance Frameworks
License industry-standard frameworks or create custom frameworks for your compliance needs
Compliance frameworks are structured sets of security controls organized into control groups. They provide the foundation for your audit programs and define which controls need to be tested.
Platform Frameworks
Pre-built frameworks such as ISO 27001, SOC 2, and PCI-DSS are available in the marketplace for licensing.
Custom Frameworks
Create your own frameworks with custom control groups and controls tailored to your needs.
Licensing a Framework
Navigate to Frameworks
Go to Audit Management → Frameworks in the sidebar.
Browse Marketplace
Browse available frameworks such as ISO 27001, SOC 2, PCI-DSS, and NIST. Review framework details, control groups, and pricing.
License Framework
Click "License Framework" on the framework you want to use. The framework will be copied to your tenant and available for use in audit programs.
Verify Framework
The framework will appear in your "My Frameworks" section. You can now use it to create audit programs.
Framework Structure
Control Groups
Logical groupings of related controls. For example, ISO 27001 has control groups like:
- Access Control (A.9)
- Cryptography (A.10)
- Operations Security (A.12)
- Communications Security (A.13)
Controls
Individual security requirements within control groups. Each control has:
- Control ID (e.g., A.9.1.1)
- Control Name
- Description
- Assessment Questions
Popular Frameworks
- ISO 27001 (Premium): International standard for information security management. Includes 114 controls across 14 domains.
- SOC 2 (Premium): Trust services criteria covering security, availability, processing integrity, confidentiality, and privacy.
- PCI-DSS (Premium): Security standard for organizations that handle credit card information. 12 requirements with multiple controls.
- NIST (Premium): Framework for improving critical infrastructure cybersecurity. Five core functions with categories and subcategories.