Compliance

The Compliance module helps organizations maintain adherence to regulatory frameworks and internal policies. It continuously monitors your infrastructure configuration, access patterns, and operational procedures against defined compliance rules.

Key Features

• Framework support — Built-in rule packs for SOC 2, ISO 27001, HIPAA, PCI-DSS, GDPR, and NIST 800-53
• Continuous monitoring — Automated compliance checks run on every configuration change and on a scheduled basis
• Policy-as-code — Define custom compliance rules using a declarative policy language
• Evidence collection — Automatically gather audit evidence (logs, configurations, access records) for compliance reviews
• Drift detection — Alert when infrastructure configuration deviates from the compliant baseline
• Compliance dashboard — Real-time compliance posture with pass/fail/warning breakdowns per framework
• Audit reports — Generate auditor-ready reports with evidence links and remediation status
• Remediation integration — Non-compliant findings can trigger runbooks or workflows for automatic remediation

How to Access

Navigate to Compliance in the left sidebar. The overview shows your compliance posture across all active frameworks.

Basic Usage

1. Open Compliance from the sidebar
2. Click Add Framework to enable a compliance framework (e.g., SOC 2 Type II)
3. Review the auto-populated control list — each control shows its current status
4. Click a control to see the specific checks, their results, and linked evidence
5. For failing controls, click Remediate to generate or run a remediation runbook
6. Schedule automated compliance scans under Compliance → Schedule
7. Generate an audit report from Compliance → Reports when preparing for an external audit