Overview

The Compliance module enables systematic management of compliance requirements through organized checks and runs. Create compliance runs for companies, assign checks, track completion status, and maintain detailed notes for audit purposes.

Key Features

Compliance Runs

Create and manage compliance assessment runs for companies

Check Management

Define and organize compliance checks with detailed requirements

Group Organization

Organize checks into logical groups for better management

Progress Tracking

Track completion status and progress across all checks

Compliance Structure

Hierarchy Overview

The compliance system follows a hierarchical structure:
Company
└── Compliance Run
    ├── Groups (Optional)
    │   ├── Company-Wide Checks
    │   ├── Device Checks
    │   └── Location Checks
    └── Ungrouped Checks
        ├── Company-Wide Checks
        ├── Device Checks
        └── Location Checks

Target Types

Each compliance check can be assigned to different scope levels:
  • Company: Organization-wide policies and procedures
  • Device: Specific device or endpoint requirements
  • Location: Physical location security and controls

Compliance Checks

Check Properties

Each compliance check includes:
  • Title: Clear, actionable check name
  • Description: Detailed explanation of the requirement
  • How to Check: Step-by-step verification instructions
  • Why Important: Business justification and risk context
  • Criticality: Numerical importance rating (1-10)
  • Priority: High, Medium, or Low classification
  • Remediation: Steps to resolve non-compliance
  • Remediation Impact: Potential effects of remediation
  • References: External documentation or standards

Check Types

Currently supported check categories:
  • Device Security: Endpoint configuration and security settings
  • Location Security: Physical security controls and assessments
  • Company Policies: Organization-wide policies and procedures
  • Control Frameworks: Security control implementations

The system currently focuses on general security compliance checks. Specific frameworks (for example CIS Benchmarks) are supported by importing check libraries that contain their requirements; the module does not scan systems against a framework automatically, so each imported check is still verified by hand.

Compliance Runs

Creating a Run

1. Initiate Run: Create a new compliance run for a company
2. Select Checks: Choose which compliance checks to include
3. Assign Targets: Specify devices, locations, or company-wide scope
4. Set Due Dates: Establish a timeline for check completion
5. Execute Assessment: Perform manual verification of each check

Run Management

  • Name: Descriptive identifier for the run
  • Company: Target organization being assessed
  • Run Date: When the assessment was initiated
  • Status: Active or completed state
  • Progress: Percentage of checks completed

Check Status Options

Each check within a run has one of the following statuses:
  • Pass: Requirement met successfully
  • Fail: Non-compliant with requirement
  • In Progress: Currently being assessed
  • Not Applicable: Check doesn’t apply to this context
  • Pending: Awaiting assessment

Compliance Groups

Group Organization

Groups provide logical organization for related checks:
  • Create custom groups based on your needs
  • Auto-map groups to device types for consistency
  • Assign multiple checks to each group
  • Track group-level completion metrics

Group Types

  • Manual Groups: Custom organizational groupings
  • Auto-Mapped Groups: Automatically applied based on device type
  • Framework Groups: Organized by compliance framework (when applicable)

Managing Groups

  • Create groups through Settings → Compliance → Groups
  • Assign checks to groups during run creation
  • View grouped vs ungrouped checks in the tree view
  • Track completion by group for better visibility

Notes and Documentation

Note Types

  • Public Notes: Visible to clients and stakeholders
  • Private Notes: Internal documentation and observations
  • AI-Generated Notes: Assisted documentation creation

Documentation Features

  • Rich text formatting for detailed notes
  • Timestamp tracking for all updates
  • User attribution for accountability
  • Template support for consistent documentation

Progress Tracking

Metrics Available

  • Total Checks: Number of checks in the run
  • Completed: Checks with final status
  • Pass Rate: Percentage of passing checks
  • Outstanding: Checks pending completion
  • Past Due: Checks beyond their due date
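The metrics above are defined only in words, and two of them depend on decisions the page leaves open: which statuses count as "final" for Completed, and what the denominator of Pass Rate is. The following is an added example (not the module's own code) that models one run with the page's check properties and statuses, computes the run-level metrics, rolls them up per group (ungrouped checks land in an "Ungrouped" bucket, matching the tree view), and orders the open checks the way the best practices suggest: past due first, then by criticality. It assumes that Pass, Fail and Not Applicable are final statuses and that Pass Rate is passed / (passed + failed), so Not Applicable and unassessed checks do not drag the rate down; the sample run data is constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date
from enum import Enum
from typing import Optional

# Added example (not the module's own code): a small model of one compliance run
# and the run-level and group-level metrics the page lists.


class Status(str, Enum):
    PASS = "Pass"
    FAIL = "Fail"
    IN_PROGRESS = "In Progress"
    NOT_APPLICABLE = "Not Applicable"
    PENDING = "Pending"


# Assumption: Pass, Fail and Not Applicable are final statuses ("Completed");
# Pending and In Progress are open ("Outstanding").
FINAL_STATUSES = {Status.PASS, Status.FAIL, Status.NOT_APPLICABLE}


@dataclass
class Check:
    title: str
    target_type: str              # "Company", "Device" or "Location"
    status: Status
    criticality: int              # 1-10, as on the page
    due: Optional[date] = None
    group: Optional[str] = None   # None means the check is ungrouped


@dataclass
class Metrics:
    total: int
    completed: int
    pass_rate: Optional[float]    # None until at least one check is Pass or Fail
    outstanding: int
    past_due: int


def compute_metrics(checks: list[Check], today: date) -> Metrics:
    """Run-level metrics as defined on the page.

    Assumption: pass rate is passed / (passed + failed). Not Applicable and
    open checks are excluded so an untouched run does not report 0 % pass.
    """
    completed = [c for c in checks if c.status in FINAL_STATUSES]
    judged = [c for c in completed if c.status in (Status.PASS, Status.FAIL)]
    passed = sum(1 for c in judged if c.status is Status.PASS)
    open_checks = [c for c in checks if c.status not in FINAL_STATUSES]
    past_due = [c for c in open_checks if c.due is not None and c.due < today]
    return Metrics(
        total=len(checks),
        completed=len(completed),
        pass_rate=round(100 * passed / len(judged), 1) if judged else None,
        outstanding=len(open_checks),
        past_due=len(past_due),
    )


def metrics_by_group(checks: list[Check], today: date) -> dict[str, Metrics]:
    """Group-level completion metrics; ungrouped checks roll up under 'Ungrouped'."""
    buckets: dict[str, list[Check]] = {}
    for c in checks:
        buckets.setdefault(c.group or "Ungrouped", []).append(c)
    return {name: compute_metrics(cs, today) for name, cs in buckets.items()}


def work_queue(checks: list[Check], today: date) -> list[str]:
    """Open checks in the order the page's best practices suggest working them:
    past due first, then highest criticality, then earliest due date."""
    open_checks = [c for c in checks if c.status not in FINAL_STATUSES]
    open_checks.sort(key=lambda c: (
        not (c.due is not None and c.due < today),   # past due sorts first
        -c.criticality,
        c.due or date.max,
    ))
    return [c.title for c in open_checks]


# Constructed sample run (not real assessment data).
TODAY = date(2024, 7, 1)
SAMPLE_RUN = [
    Check("Full-disk encryption enabled", "Device", Status.PASS, 9, date(2024, 6, 30), "Workstations"),
    Check("Screen lock within 15 minutes", "Device", Status.FAIL, 6, date(2024, 6, 30), "Workstations"),
    Check("Acceptable use policy signed", "Company", Status.PASS, 4, date(2024, 6, 15)),
    Check("Incident response plan reviewed", "Company", Status.PENDING, 8, date(2024, 6, 15)),
    Check("Server room badge access", "Location", Status.IN_PROGRESS, 7, date(2024, 7, 15), "Physical"),
    Check("Visitor log maintained", "Location", Status.NOT_APPLICABLE, 3, date(2024, 7, 15), "Physical"),
]

if __name__ == "__main__":
    print(compute_metrics(SAMPLE_RUN, TODAY))
    for name, m in metrics_by_group(SAMPLE_RUN, TODAY).items():
        print(f"{name}: {m.completed}/{m.total} complete, {m.past_due} past due")
    print(work_queue(SAMPLE_RUN, TODAY))
```

On the sample run this reports 6 total, 4 completed, a 66.7 % pass rate, 2 outstanding and 1 past due; the "Physical" group has no pass rate yet because neither of its checks has been judged Pass or Fail. If you reconcile figures against a CSV export of a real run, confirm how the product treats Not Applicable in its own Pass Rate before comparing, since the page does not specify it.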

Views

  • Tree View: Hierarchical organization by company → run → group → check
  • List View: Flat table view with filtering and sorting
  • Dashboard Cards: Summary metrics on company overview

Settings

Compliance Configuration

Access settings through Settings → Compliance:

Checks Management

  • Create and edit compliance check definitions
  • Import check libraries
  • Set default priorities and criticality
  • Configure status options

Groups Configuration

  • Define compliance groups
  • Set auto-mapping rules
  • Configure group priorities
  • Manage group assignments

Runs Management

  • View all compliance runs
  • Set default run templates
  • Configure completion rules
  • Manage run archival

Reporting

Available Reports

  • Run Summary: Overview of a specific compliance run
  • Company Compliance: Historical compliance for an organization
  • Check Performance: Success rates for specific checks
  • Trend Analysis: Compliance improvements over time

Export Options

  • CSV export for data analysis
  • PDF reports for documentation
  • Executive summaries for stakeholders

AI Features

AI Assistance

Use AI to help with:
  • Generating check descriptions and requirements
  • Creating remediation plans
  • Writing compliance notes
  • Improving existing check documentation

AI features assist with documentation but do not perform automated compliance scanning. All checks require manual verification, and AI-generated descriptions, remediation steps and notes should be reviewed for accuracy before they are saved, especially before they appear in public notes that clients can read.

Best Practices

  • Conduct compliance runs on a consistent schedule (monthly, quarterly) to maintain visibility
  • Document all findings thoroughly with both public and private notes as appropriate; keep specifics of unremediated failures in private notes, since public notes are visible to clients and stakeholders
  • Use groups to organize related checks for easier management and reporting
  • Address high-priority and high-criticality checks first during assessments
  • Maintain screenshots and documentation as evidence of compliance

Permissions

Required permissions for compliance features:
  • read_compliance - View compliance data and reports
  • manage_compliance - Create and modify checks, groups, and runs
  • run_compliance - Execute compliance assessments
  • delete_compliance - Remove compliance data

Grant delete_compliance sparingly: runs and notes serve as the audit record, and removing them cannot be undone from within the module.

Integration Points

Company Overview

  • Recent compliance runs widget
  • Outstanding compliance issues card
  • Compliance completion metrics

Planner

  • Schedule compliance run tasks
  • Track remediation activities
  • Plan follow-up assessments

Tickets

  • Create tickets from failed checks
  • Track remediation through ticketing
  • Link compliance issues to support requests

Limitations

Current Limitations:
  • No automated compliance scanning - all checks are manual
  • No direct framework integration (HIPAA, PCI-DSS, etc.) - frameworks are represented through imported check libraries
  • No scheduled/recurring runs - each run must be initiated manually
  • Limited to predefined status options
  • No automated evidence collection