Compyl
Insurance

One program, every state.

Insurers protect policyholder PII and claims data under a patchwork of state data-security laws built on the NAIC model, plus GLBA, the Model Audit Rule, and PCI. Compyl maps one control library to all of them, so you stay exam-ready across every state from a single program.

70+ Frameworks
125+ Integrations
1 Control library
Evidence: Access reviewed · Quarterly · Current
Satisfies across states:
NAIC Model Law: 4.A
GLBA Safeguards: 314.4
Model Audit Rule: MAR
NYDFS 500: 500.12
+ PCI, SOC 2 & more: 8
Coverage

Frameworks that govern insurance

NAIC Data Security Model Law, GLBA Safeguards Rule, Model Audit Rule, NYDFS 23 NYCRR 500, PCI DSS, SOC 2, ISO 27001, NIST CSF, +62 more
Connected

One source of truth

Controls, evidence, risk, and vendors in one connected system, across every regulator you answer to.

Always current

Continuous, not point-in-time

Evidence refreshes automatically and is scored for health, so you’re audit-ready every day of the year.

Why Compyl

Every state, one library

Adopt a new state’s data-security law and Compyl reuses the controls you already maintain.

1 → 8
mandates satisfied

One access-review control, mapped across every state and federal mandate.

Common questions

What compliance do insurance companies need?
Insurers must protect policyholder data under state data-security laws based on the NAIC Insurance Data Security Model Law, plus the GLBA Safeguards Rule, the Model Audit Rule for financial-reporting controls, and PCI DSS for payments. Insurers in New York also fall under NYDFS 23 NYCRR 500. Compyl maps one control library to all of them.
How does Compyl handle different state adoptions of the NAIC model law?
Compyl maintains one control library and cross-maps it to each state's adoption of the NAIC Insurance Data Security Model Law. Because the underlying controls overlap, evidence collected once satisfies every state where you operate, and new adoptions reuse controls you already have.
Does Compyl support the Model Audit Rule?
Yes. Compyl manages the IT general controls behind the Model Audit Rule, schedules and tracks control testing, and continuously collects evidence, so the annual MAR requirements are met with current proof instead of a year-end scramble.

See Compyl mapped to your policyholder data.

Stay exam-ready across every state from a single, continuous program.

Request a Demo →

Ready to see GRC YOUR WAY?

One platform for the whole GRC lifecycle — with agentic AI that removes the busywork.
