Compliance

The Compliance page allows organizations to manage, monitor, and maintain adherence to security and regulatory frameworks. It provides visibility into control objectives, evidence management, and exception handling. This page is designed to support internal audits, compliance assessments, and risk management activities.

Once opened, you will see a structured list of control categories and principles aligned with frameworks. Each principle contains detailed descriptions, associated checks, and available actions.

Page Layout

The Compliance page is divided into three main sections:

a. Control Categories (Left Panel)

• Displays all control categories and sub-categories (e.g., Control Environment, Information and Communication, Risk Assessment).

• Selecting a category will display related principles and checks on the main panel.

b. Principle Details (Main Panel)

• Each principle includes:

  • Title and Description: Outlines the compliance requirement (e.g., integrity, governance, oversight).

  • Checks: Lists associated policies, procedures, and configurations. These checks indicate compliance readiness and highlight missing or incomplete items.

  • Action Buttons: Options to upload evidence, view evidence, and add as an exception.

c. Evidence and Exception Management (Pop-up Windows)

• When performing an action, a pop-up window opens for further details.

Best Practices

• Regularly upload updated evidence to ensure ongoing compliance.

• Review red checks frequently and assign remediation tasks.

• Document exceptions clearly, including timelines for resolution.

• Use the View Evidence feature during audits to streamline validation.

Summary

The Compliance page is a central hub for managing regulatory adherence. By using the Upload Evidence, View Evidence, and Add Exception functions, organizations can effectively maintain compliance posture, demonstrate accountability, and prepare for audits.