Frameworks & cross-mapping
Work multiple standards at once and answer a control once to satisfy many.
- 13 built-in frameworks + custom
- Per-project control workflow
- Cross-framework control mapping
- Statement of Applicability & scoring
A multi-framework compliance and ISMS platform, from framework selection through controls, evidence, risk and policy to a defensible auditor handover. Ships built-in frameworks with cross-framework control mapping, automated cloud evidence collection and AI-assisted drafting.
Everything your compliance programme needs, from control tracking to the auditor handover.
Work multiple standards at once and answer a control once to satisfy many.
Capture text, files and URLs, and auto-harvest passing checks from AWS and Azure.
Every ISO 27001 management artefact, not just controls.
Hand auditors a read-only portal and brief the board with one PDF.
Thirteen are built in: ISO/IEC 27001, SOC 2, GDPR/UK GDPR, Cyber Essentials, ISO/IEC 27701, NIST CSF 2.0, HIPAA, PCI DSS v4.0, ISO 22301, ISO/IEC 42001, the EU AI Act, NIST AI RMF and NIS2. You can also create custom frameworks scoped to your organisation.
Yes. It connects to AWS and Azure and turns passing security checks into evidence, the AWS collector reads Security Hub findings via cross-account role or IAM keys, and the Azure collector scans subscription findings, mapping each to your controls.
Through a dedicated, tokenised auditor portal with no login and no access to the rest of your organisation. Auditors browse scoped controls, preview and download evidence, export a zip and leave comments.
It's assistive, not autonomous: gap analysis and audit-readiness reviews, policy-gap analysis, risk suggestions, evidence-freshness checks, ISMS-scope drafts and questionnaire answers. You review and accept every suggestion, nothing is auto-applied.
Full ISMS. Beyond control tracking it covers Scope, Objectives, Statement of Applicability, an asset register, RoPA, DPIA/TIA, internal audits, management reviews, corrective actions and security-awareness training.
Yes. Generate an org-wide board-pack PDF covering posture, risk, incidents, policy, suppliers and training, export project data to CSV or an audit pack, and rely on a per-project immutable audit trail plus versioned evidence.
Book a tailored walkthrough with our team and see how it fits your portfolio.