Now with seven built-in AI assistants

Your entire compliance program, in one workspace.

ComplyAura unifies frameworks, controls, evidence, audits, risks, vendors, incidents, and intelligence — so your team runs SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR and 11 more frameworks from a single source of truth.

15 frameworks · 7 AI assistants · Role-based access · MFA

app.complyaura.com / dashboard

  • Active frameworks: 5 / 15
  • Open gaps: 7 (−12 this week)
  • Evidence collected: 1,284 (+38 today)
  • Frameworks (5 active): SOC 2 96%, ISO 27001 88%, HIPAA 72%, PCI DSS 64%
  • AI mapped 12 controls (Gap analysis · ISO 27001)
  • Evidence approved (Access reviews · Q2)

Fifteen frameworks pre-loaded out of the box

SOC 2 Type II, ISO 27001:2022, PCI DSS v4.0, GDPR, NIST CSF v2.0, HIPAA, NIST 800-53 Rev 5, CIS Controls v8, SOC 1 Type II, ISO 27701, CCPA / CPRA, FedRAMP, HITRUST CSF, ISO 22301

Inside ComplyAura

Every workflow your compliance team already runs.

Seventeen modules organized into Compliance, Operations, Risk & Security, Intelligence and Insights — each one built around what compliance teams actually do every day.

Frameworks

Activate any of 15 frameworks. Sync requirements from official sources, preview changes, and apply with one click.

Gap Analysis

See every unmapped requirement across every framework. AI suggests existing control matches and recommends new ones to build.

Controls Registry

Templated controls with status, priority, frequency, owners, tests, evidence links, and full audit history.

Policies Library

Draft → review → approved → archived workflow with versioning, acknowledgement tracking, and AI policy generation.

Evidence Library

Upload PDFs, sheets and docs. Track expiry, route reviews, link to controls, and auto-create tasks when things go stale.

Audit Workspace

Run internal and external audits in-app: review controls and policies, log findings, export the whole report to PDF.

Tasks Kanban

Awaiting Action → Implementation → Under Audit → Validated. Recurrence, owners, comments, and badge counts everywhere.

Vendors & Contracts

Tier vendors, track DPAs/MSAs/BAAs, send questionnaires, score risk with AI, and manage contract obligations by type.

Risks & Incidents

5×5 likelihood/impact register, treatment plans, incident workflow with severity, and AI-drafted response plans.

Questionnaires

Build from templates, auto-fill with AI confidence scoring, import/export CSV/JSON, and route through approvals.

Daily Briefing & Intel

Daily summary of risks, expiring evidence and overdue tasks — plus separate threat-intel and compliance-intel feeds.

Reports & Exec Summary

Eight report types — compliance status, control effectiveness, risk summary, vendor risk, evidence and more — all PDF/CSV exportable.

Seven AI assistants

AI that actually does the work.

ComplyAura ships with seven Claude-powered assistants embedded throughout the product. They read your real controls, policies, evidence and frameworks — and produce work, not chat.

  • Compliance Chat — answer "are we SOC 2 compliant?" with cited controls, policies, and risks
  • Gap Mapping — match unmapped requirements to existing controls or recommend new ones
  • Policy Generation — draft full policies in markdown, tied to your frameworks and controls
  • Risk Narrative — generate descriptions, causes, consequences, and 5×5 scoring for risks
  • Incident Response Plan — produce regulator-aware plans with GDPR 72h, HIPAA 60d, and PCI deadlines built in
  • Vendor Risk Scoring — score 0–100 with red flags, strengths, and approve/conditional/reject recommendation
  • Questionnaire Auto-Answer — batch-fill questionnaires with confidence scores and source citations

comptrack.ai · gap analysis · claude

Requirement: ISO 27001 A.8.2 — Privileged access rights

ComplyAura AI: Scanning 142 controls

  • CTRL-014 Privileged access management (match · 0.94)
  • CTRL-027 Quarterly access review (match · 0.88)
  • CTRL-031 Just-in-time admin elevation (match · 0.71)
  • NEW Break-glass account procedure (recommended)

Apply 3 mappings · create 1 control

How it works

Three steps to audit-ready.

01 Activate

Pick your frameworks from the catalog of 15. Requirements, categories and reference codes are pre-loaded.

02 Map & build

Run gap analysis. AI maps existing controls, drafts new ones, and pulls in evidence from your library.

03 Run the audit

Review controls, log findings, and export the audit report to PDF — straight from the audit workspace.

Coverage

The fifteen frameworks your customers ask for.

Every framework ships with requirements, categories, reference codes, and AI-powered cross-mappings to your existing controls.

SOC 2 Type II, SOC 1 Type II, ISO 27001:2022, ISO 27701:2019, ISO 22301:2019, PCI DSS v4.0, HIPAA, HITRUST CSF v11, GDPR, CCPA / CPRA, NIST CSF v2.0, NIST 800-53 Rev 5, CIS Controls v8, FedRAMP Rev 5

Questions

What teams ask before they switch.

What is a compliance management platform?

A compliance management platform is software that centralizes the work of meeting regulatory and security frameworks — SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, NIST, and others. Instead of managing controls in spreadsheets, evidence in shared drives, and audits over email, a compliance platform keeps frameworks, controls, policies, evidence, risks, vendors, and incidents in one connected workspace. ComplyAura is built specifically for this: it supports 15 frameworks out of the box with AI-powered gap analysis, policy generation, and audit workflows.

How does ComplyAura help with SOC 2 compliance?

ComplyAura ships with the full SOC 2 Type II trust service criteria pre-loaded. When you activate SOC 2, the platform maps your existing controls to each criterion, highlights gaps, and lets AI suggest or draft the missing controls and policies. Evidence collection runs on a schedule with automatic reminders and approval workflows, so you're never scrambling before an audit. When your auditor arrives, you grant scoped read-only access to the audit workspace — every control, policy, and evidence artifact is already organized and exportable to PDF.

Can one control satisfy multiple compliance frameworks at once?

Yes — and this is one of ComplyAura's core design principles. A single well-implemented control (like MFA enforcement) can simultaneously satisfy requirements in SOC 2, ISO 27001, HIPAA, PCI DSS, and NIST. ComplyAura's cross-framework mapping engine links each control to every requirement it covers, so you implement once and get credit across all active frameworks. This eliminates the duplicate work that plagues teams managing multiple certifications.

What compliance frameworks does ComplyAura support?

ComplyAura supports 15 frameworks: SOC 2 Type II, SOC 1 Type II, ISO 27001:2022, ISO 27701:2019, ISO 22301:2019, PCI DSS v4.0, HIPAA, HITRUST CSF v11, GDPR, CCPA/CPRA, NIST CSF v2.0, NIST 800-53 Rev 5, CIS Controls v8, and FedRAMP Rev 5. Each framework comes with requirements, categories, and reference codes pre-loaded. You can activate any combination and the platform handles cross-mappings automatically.

How is ComplyAura different from other GRC tools?

Most GRC tools bolt compliance onto a broader governance platform. ComplyAura is built exclusively for compliance teams. Every module — gap analysis, controls, policies, evidence, audits, vendors, risks, incidents, questionnaires, and reporting — is designed around real compliance workflows, not generic project management. Seven specialized AI assistants handle the repetitive work: mapping gaps, drafting policies, scoring vendor risk, auto-filling questionnaires, and generating incident response plans with regulator-specific deadlines built in.

Does ComplyAura use AI? Is it safe for regulated data?

ComplyAura includes seven Claude-powered AI assistants that work with your real controls, policies, and evidence. They draft policies, map gaps, score vendor risk, auto-fill questionnaires, and generate incident response plans. All AI processing happens within ComplyAura's infrastructure with per-tenant data isolation. Customer content is never used to train third-party models. The AI accelerates work — humans still own every decision and approval.

Stop chasing spreadsheets.

Get a guided tour of ComplyAura and see your first compliance score in under 30 minutes.