Compyl
Request Demo
Start here Platform Overview A guided, top-to-bottom tour of the entire GRC platform — one connected system, not point tools. Take the tour →
Govern
Policy ManagementCurrent, control-aligned policiesContract ManagementTrack every obligationAsset ManagementProtect critical assets
Comply & audit
ComplianceTest once, satisfy manyEvidence StudioAutomated, live evidenceTrust CenterShare your security postureUser Access ReviewsFast, accurate access reviews
Risk & third-party
Risk ManagementRisk in dollars, via FAIRThird Party InsightsObjective vendor risk in minutesVendor Risk ManagementManage third-party risk end to end
Compyl AI
Compyl AIAgentic AI across the platformCompyl CopilotAsk your GRC data anythingQuestionnaire AssistAI-drafted questionnaire answers
125+ integrations — connect your stackRequest a demo →
One control library Every framework, mapped Map a single control to every framework it satisfies — test once, prove many. See all frameworks →
Popular
SOC 2ISO 27001HIPAAPCI DSS
Standards
GDPRNIST CSFNIST SP 800-53ISO 42001
More
CCPAHITRUSTMASNIS2
Compliance, automated — how Compyl maps controlsRequest a demo →
Latest Inside Compyl 26.2 AI-powered GRC, from risk to audit — what's new in the platform. Read the post →
Learn
BlogInfoSec & compliance, trendingGuidesStep-by-step playbooksGlossaryGRC terms, defined
Watch & grow
Security SessionsOn-demand episodesEducation CenterLearn the platformCase StudiesResults from real teams
Network
Partner NetworkCompyl Connect partners
Company Built by CISOs Our mission: make GRC adapt to how you work — not the other way around. About Compyl →
Company
About UsMission & teamCareersJoin the team
Trust
Our SecurityHow we protect youContact UsTalk to us
Solution · Compliance

Compliance that holds across every framework — mapped once, proven continuously.

Most teams rebuild their program for every audit. Compyl maps a control once, auto-collects the evidence from your live systems, and keeps you audit-ready across SOC 2, ISO 27001, HIPAA, and 20+ frameworks — all from one source of truth.

Request Demo → See how it works
20+ frameworks
125+ integrations
1,500+ blueprints
Home › Controls › SOC 2 v26.2 A1.1 Passing In Scope The entity maintains, monitors, and evaluates current processing capacity and use of system components. ADDITIONAL CRITERIA FOR AVAILABILITY Evidence Health Needs Review RELEVANCE 96% FRESHNESS 84% COMPLETENESS 93% Data Sources AWS · Azure 2 Related Policies POL02 · POL14 2 Cross Mapped Controls ISO · NIST · CIS · HIPAA 60 Blueprints running 3 Tasks 4
Evidence Health Action CrowdStrike · endpoint posture Freshness 41d old ✓ Refresh task auto-created
Blueprints 3 running Capacity utilization Passing Backup & recovery Scheduled Connected to control A1.1
What is Compyl compliance management?

Compyl compliance management runs your entire compliance program from one connected platform. It maps a single control library to SOC 2, ISO 27001, HIPAA, PCI DSS, NIST, and 20+ frameworks, automatically collects audit evidence from 125+ in-house integrations, monitors every control continuously, and scores evidence health — so you stay audit-ready year-round and prove compliance on demand instead of rebuilding for every assessment.

The problem

Every framework re-audits the same controls — most teams rebuild from scratch

SOC 2, ISO 27001, HIPAA, and PCI share the majority of their controls. When your program lives in spreadsheets and point tools, you collect the same evidence over and over and still scramble before each audit.

Duplicated work

The same control gets re-documented for every framework, multiplying effort instead of reusing it.

Evidence goes stale

Screenshots gathered for the audit are out of date a week later. Point-in-time proof hides real drift.

Tools hit a ceiling

Compliance automation gets you through the first audit, then can't scale to a mature, end-to-end program.

How it works

One control library, every framework — from mapping to audit evidence

Compyl runs compliance as a connected, always-on cycle. Each stage feeds the next, so audit-readiness is a state you maintain, not a project you restart.

01

Connect

125+ in-house integrations pull live data from the systems you already run.

02

Map once

Map each control to every framework it satisfies — no duplicate work.

03

Collect evidence

Evidence is gathered automatically and scored for relevance, freshness, completeness.

04

Monitor

Controls are watched continuously; drift becomes a tracked task, not a finding.

05

Prove on demand

The Auditor Portal assembles the evidence so any audit is a formality.

Cross Mapped Controls

Map a control once — it cross-maps to every framework it satisfies

In Compyl, one control cross-maps to every framework it satisfies. Map control A1.1 once and its evidence proves 60 controls across ISO 27001, NIST CSF, CIS v8, HIPAA, and ISO 42001 — collect once, prove them all.

  • Cross-map a single control to every framework it satisfies
  • Collect evidence once and reuse it across all overlapping requirements
  • See instantly how readiness in one framework carries to the next
  • Add custom frameworks for internal policies and emerging regulations
Cross Mapped Controls · A1.1 60 mapped A1.1 1 control ISO 27001 27 NIST CSF 13 CIS v8 16 HIPAA 3 ISO 42001 1 Evidence collected once · automatically satisfies 60 controls
Evidence Health · New in 26.2

Evidence collects itself — and tells you when it’s weak

Compyl pulls evidence directly from the systems you already run, then scores every artifact on relevance, freshness, and completeness — so stale or thin evidence surfaces weeks before an audit, not during it.

  • Auto-collect evidence from 125+ in-house integrations
  • Every artifact scored on relevance, freshness, and completeness
  • An AI summary spells out exactly what’s missing and why
  • Re-scores automatically whenever the underlying evidence changes
Evidence Studio · Compliance ● auto-collecting SOURCE EVIDENCE HEALTH STATUS AWS Access logs 98 Current ✓ Okta MFA enforcement 95 Current ✓ GitHub Change mgmt 100 Current ✓ CrowdStrike Endpoint posture 74 Stale ● Datadog Uptime monitoring 96 Current ✓ CrowdStrike evidence is 41 days old — refresh before SOC 2 window AI flagged freshness · remediation task auto-created 125+ integrations feeding evidence — scored continuously
Auditor Portal · New in 26.2

Walk into any audit with the evidence already assembled

The Auditor Portal runs the whole audit from one workspace — framework readiness, control pass rates, and every auditor request matched to the evidence that answers it. No more scramble, no more spreadsheet of screenshots.

  • One workspace for readiness, requests, and evidence
  • Auditor requests auto-matched to the evidence that satisfies them
  • Live pass rates per framework, so there are no surprises on audit day
  • A complete, time-stamped trail auditors can sample on demand
Auditor Portal · SOC 2 2026 92% ready 38 / 41 REQUESTS AUDITOR REQUESTS PBC-12 · Access reviews Provided PBC-18 · Change logs Provided PBC-21 · BC/DR test In progress PBC-24 · Vendor list Provided 38 of 41 auditor requests answered — evidence attached Remaining 3 in progress with owners and deadlines One workspace · every framework you carry
Explore next

Part of one connected GRC platform

Compliance lives in the same platform as your policies, contracts, and vendor risk — so a single source of evidence works everywhere at once.

Policy Management

Author, approve, and version the policies behind your controls — mapped to every framework they satisfy.

Explore Policy Management →
Contract Management

Tie contracts to the vendors, assets, and controls they touch, with proactive renewal and spend visibility.

Explore Contract Management →
Vendor Risk Management

Assess and monitor third-party risk continuously, linked to the contracts and controls each vendor touches.

Explore Vendor Risk →
Why Compyl is different

Built by CISOs as an end-to-end GRC platform — not another compliance tool

Compliance automation gets you through the first audit. Compyl was built to run your whole program — and it shows up in five ways.

01

GRC that adapts to complexity

No-code configuration of dashboards, workflows, fields, and reports for every team — without an engineering ticket.

02

End-to-end, built to flex and scale

Governance, risk, compliance, and third-party risk as one connected source of truth — with no ceiling as your program matures.

03

No black box — all your data

125+ proprietary, in-house integrations ingest your full dataset and surface risks single-system checks miss.

04

Automation and AI that augments your team

Agentic AI and 1,500+ blueprints automate evidence and busywork, with humans in the loop on every decision that matters.

05

Quantified risk in financial terms

FAIR models and Monte Carlo simulations put risk in dollars, so the board decides on business impact — not heat-map colors. New in 26.2.

Now in 26.2

The latest release, working inside your compliance program

Compyl 26.2 brings AI-built blueprints, scored evidence, an auditor portal, and risk in financial terms — the capabilities that move you from keeping up to setting the pace.

AI Blueprints

Start on day one with 1,500+ pre-built blueprints — the queries that automatically pull evidence and data from your systems. Need one you don’t have yet? Write what you need in plain language and AI Blueprints turns it into the query for you.

Evidence Health

Every artifact scored on relevance, freshness, and completeness, with an AI summary of exactly what’s missing and why.

Auditor Portal

Give auditors their own portal and run audits like ISO 27001 end to end — every request matched to the evidence that answers it.

FAIR risk in dollars

FAIR models and Monte Carlo simulations quantify risk in financial terms, so the board decides on business impact — not heat-map colors.

Framework coverage

One control library, mapped to every framework it satisfies

Compyl cross-maps controls so a single piece of evidence can satisfy requirements across multiple frameworks at once. Explore any framework below.

SOC 2 ISO 27001 ISO 42001 HIPAA GDPR PCI DSS NIST CSF NIST SP 800-53 MAS CCPA HITRUST NIS2 20+ frameworks
80%
Faster audit prep reported by Compyl customers
20+
Frameworks from one mapped control library
125+
Native integrations feeding live evidence
Year-round
Audit-ready, not a pre-audit scramble
Recognized by users on G2

Rated a leader by the teams who use it

G2 High Performer, Mid-Market
G2 Momentum Leader
G2 Fastest Implementation, Go-Live Time
G2 Best Support, Quality of Support
G2 Best Meets Requirements, Mid-Market
FAQ

Compliance questions, answered

Compyl compliance management runs your entire compliance program from one connected platform. It maps a single control library to SOC 2, ISO 27001, HIPAA, PCI DSS, NIST, and 20+ frameworks, automatically collects audit evidence from 125+ integrations, monitors controls continuously, and keeps you audit-ready year-round instead of rebuilding for every assessment.

Compyl cross-maps every control to all the frameworks it satisfies. You map a control once and Compyl applies its evidence to SOC 2, ISO 27001, HIPAA, PCI DSS, and any other framework that shares it — so the second framework costs a fraction of the first and nothing is collected twice.

Compyl connects through 125+ proprietary, in-house integrations and pulls evidence directly from the systems you already run. Evidence is collected continuously, mapped to the right control, and scored for relevance, freshness, and completeness by Evidence Health — so weak evidence surfaces weeks before an audit.

Introduced in Compyl 26.2, the Auditor Portal is Compyl’s audit command center — a single workspace for running an audit — framework readiness, control pass rates, auditor requests, and the evidence that answers them, all in one place. You walk into the audit with the evidence already assembled instead of scrambling to gather it.

Most compliance tools get you through the first audit, then hit a ceiling. Compyl was built by CISOs as an end-to-end GRC platform: no-code configurability, one source of truth across governance, risk, compliance, and third-party risk, 125+ in-house integrations, agentic AI with humans in the loop, and FAIR-based risk quantification that puts risk in financial terms.

Compyl supports 20+ frameworks out of the box — SOC 2, ISO 27001, HIPAA, GDPR, PCI DSS, NIST CSF, NIST SP 800-53, CCPA, HITRUST, MAS, and NIS2 — plus custom frameworks you build for internal policies, contractual requirements, or emerging regulations.

GRC YOUR WAY

Make compliance a continuous program, not an annual scramble

See how Compyl maps a control once, auto-collects the evidence, and keeps you audit-ready across every framework you carry.

Request a Demo →
By clicking “Accept”, you agree to the use of cookies on your device in accordance with our Privacy and Cookie policies
Accept