compliance.md

description
This is where you can carry out your compliance work based on the framework of your choice.

📋 Compliance

Framework

The fundamental object of CISO Assistant for compliance is the framework. It corresponds to a given standard, e.g. ISO27001:2022. Frameworks can be imported from the library. If you don't find a framework that fits your needs, no worries: you can build your own framework and add it to CISO Assistant!

Audit

An audit lets you assess your compliance with the chosen framework by assigning, to each requirement that requires one, one of the following statuses:

  • To do
  • In progress
  • Non compliant
  • Partially compliant
  • Compliant
  • Not applicable

{% hint style="info" %} Evaluating a requirement inside a compliance assessment is called a requirement assessment. {% endhint %}

Evidence

Evidence allows you to use a description, link or file to justify the status of a compliance requirement or to prove that a control has been applied. It can therefore be associated with different applied controls or requirement assessments.