appLockr / Compliance

Your whole compliance programme, audit-ready.

A multi-framework compliance and ISMS platform, from framework selection through controls, evidence, risk and policy to a defensible auditor handover. Ships built-in frameworks with cross-framework control mapping, automated cloud evidence collection and AI-assisted drafting.

ISO 27001SOC 2GDPRCyber EssentialsNIST CSF 2.0PCI DSS v4.0EU AI ActNIS2
Compliance matrix
Audit-ready
App
GDPR
CCPA
DSA
SOC 2
Pay · iOS
Pay · Android
!
Wealth · iOS
Wealth · Android
!
Evidence pack
Signed Q3 2026
Signed
What you can do here

Frameworks, evidence, ISMS and audit, in one place.

Everything your compliance programme needs, from control tracking to the auditor handover.

Frameworks & cross-mapping

Work multiple standards at once and answer a control once to satisfy many.

  • 13 built-in frameworks + custom
  • Per-project control workflow
  • Cross-framework control mapping
  • Statement of Applicability & scoring

Evidence & cloud collection

Capture text, files and URLs, and auto-harvest passing checks from AWS and Azure.

  • Versioned evidence library
  • AWS Security Hub collection
  • Azure subscription collection
  • AI evidence-freshness checks

Full ISMS toolkit

Every ISO 27001 management artefact, not just controls.

  • Scope, objectives & SoA
  • Asset register, RoPA, DPIA & TIA
  • Internal audits & management reviews
  • Corrective actions & training

Auditor handover & reporting

Hand auditors a read-only portal and brief the board with one PDF.

  • Tokenised auditor portal
  • Per-project audit pack & CSV
  • Org-wide board-pack PDF
  • Immutable audit trail
Do the work onceCross-framework mappings let one control or evidence item count toward every standard it satisfies.
Always audit-readyReadiness scores, a tokenised auditor portal and a one-click audit pack keep you handover-ready year-round.
Less busyworkAutomated AWS/Azure evidence collection and AI-drafted answers, policies and scope cut manual effort.
Defensible by designVersioned evidence, policy lifecycle states and an immutable audit trail give a paper trail that holds up.
FAQ

Frequently asked questions

Which frameworks are supported out of the box?

Thirteen are built in: ISO/IEC 27001, SOC 2, GDPR/UK GDPR, Cyber Essentials, ISO/IEC 27701, NIST CSF 2.0, HIPAA, PCI DSS v4.0, ISO 22301, ISO/IEC 42001, the EU AI Act, NIST AI RMF and NIS2. You can also create custom frameworks scoped to your organisation.

Can it collect evidence from my cloud automatically?

Yes. It connects to AWS and Azure and turns passing security checks into evidence, the AWS collector reads Security Hub findings via cross-account role or IAM keys, and the Azure collector scans subscription findings, mapping each to your controls.

How do auditors access my evidence?

Through a dedicated, tokenised auditor portal with no login and no access to the rest of your organisation. Auditors browse scoped controls, preview and download evidence, export a zip and leave comments.

What does the AI actually do?

It's assistive, not autonomous: gap analysis and audit-readiness reviews, policy-gap analysis, risk suggestions, evidence-freshness checks, ISMS-scope drafts and questionnaire answers. You review and accept every suggestion, nothing is auto-applied.

Is it just controls, or full ISO 27001 ISMS work?

Full ISMS. Beyond control tracking it covers Scope, Objectives, Statement of Applicability, an asset register, RoPA, DPIA/TIA, internal audits, management reviews, corrective actions and security-awareness training.

Can I report to leadership and prove an audit trail?

Yes. Generate an org-wide board-pack PDF covering posture, risk, incidents, policy, suppliers and training, export project data to CSV or an audit pack, and rely on a per-project immutable audit trail plus versioned evidence.

Ready to see Compliance in action?

Book a tailored walkthrough with our team and see how it fits your portfolio.