Supported frameworks include:

• HIPAA
• NIST 171
• GDPR
• NIS2
• ISO 27001
• DORA
• FFIEC
• FDIC
• PCI-DSS

Setting up a compliance framework:

1. Navigate to Compliance in the Web UI
2. Click Add Compliance Framework
3. Configure the framework details:
   • Name — the framework name (e.g., “GDPR Compliance”)
   • Description — purpose and scope
   • Reference Code — the standard identifier (e.g., “GDPR-2016/679”)
   • Category — industry or regulation type
   • Priority — Critical, High, Medium, or Low
4. Click Save

Creating compliance rules within a framework:

Compliance rules define the specific requirements within a framework and how the system monitors them.

1. Select the compliance framework you just created
2. Click Add Rule
3. Configure the rule details:
   • Rule Name — the specific requirement (e.g., “Access Logging Required”)
   • Description — a detailed explanation of the requirement
   • Reference — the section or clause number from the framework
   • Severity — the impact level if the rule is violated
4. Link the rule to audit data:
   • Environment — which environment this applies to
   • Category — which log category to monitor
   • Operations — which specific operations must be logged
5. Define compliance criteria:
   • Must Exist — certain events must be present in the audit data
   • Must Not Exist — certain events must never occur
   • Count Thresholds — minimum or maximum event counts
   • Time Constraints — events must occur within defined timeframes
6. Click Save

Linking reports to compliance rules:

Associating reports with compliance rules automates evidence collection for audits.

1. Open the compliance rule configuration
2. Navigate to the Linked Reports tab
3. Click Link Report
4. Select the reports that provide evidence of compliance for this rule
5. Click Save

Generating compliance reports on demand:

1. Navigate to Compliance → Reports
2. Select the compliance framework
3. Choose the time period to cover
4. Select which rules to include:
   • All Rules
   • Non-Compliant Rules Only
   • Critical Rules
   • Custom Selection
5. Click Generate Report
6. Download the report in your preferred format:
   • PDF — for auditor submission
   • Excel — for detailed internal analysis
   • CSV — for data processing

Scheduling compliance reports:

1. Navigate to Compliance → Scheduled Reports
2. Click Add Schedule
3. Configure the schedule:
   • Framework — which framework to report on
   • Frequency — Weekly, Monthly, Quarterly, or Annually
   • Recipients — email addresses for report delivery
   • Format — PDF, Excel, or CSV
4. Click Save

Monitoring compliance status:

1. Navigate to the Compliance Dashboard
2. Review key metrics:
   • Overall Compliance Score — percentage of rules currently met
   • Compliant Rules — rules currently satisfied
   • Non-Compliant Rules — rules with active violations
   • Pending Rules — rules awaiting validation
3. Click into any framework to drill down into individual rule status
4. Click a specific rule to view violation details, last evaluation time, and supporting evidence

Configuring compliance alerts:

Set up notifications so your team is informed immediately when a compliance violation is detected.

1. Open a compliance rule
2. Navigate to the Alerts tab
3. Click Add Alert
4. Configure:
   • Trigger Condition — when to send the alert
   • Recipients — email addresses or user groups
   • Alert Frequency — Immediate, Daily, or Weekly
   • Escalation — who to notify if the violation is not resolved
5. Click Save

Best practices:

• Group related rules logically within each framework for easier navigation
• Always link reports to compliance rules to automate evidence collection
• Define clear, measurable criteria for each rule so compliance status is unambiguous
• Schedule reports in advance of known audit periods
• Regularly review rules to ensure they reflect current regulatory requirements
• Restrict compliance configuration access to authorized personnel only
• Document remediation actions taken when violations are detected