Frameworks & Controls

Frameworks & Controls

Frameworks group the controls you must satisfy for a given standard (SOC 2, ISO 27001, HIPAA, internal policies, etc.). Controls represent the individual requirements you implement and gather evidence for.

Opening the Frameworks workspace

Navigate to Frameworks in the tenant sidebar. You'll see a card for every framework with:

• •Name and optional description
• •A coloured badge using the framework's assigned color
• •Readiness percentage and readiness count (controls marked ready vs. total in scope)
• •Control count — total controls linked to the framework

Action toolbar

The Frameworks page includes a top action bar with these actions:

• •New Framework — opens the slide-over form to create a framework
• •Edit (pencil icon on each card) — open the framework in the same slide-over for changes
• •Delete (trash icon on each card) — remove a framework after confirmation
• •View Controls — jump to the Controls list pre-filtered to that framework

Creating a framework

•Name (e.g. "SOC 2")

•Description (optional)

•Color — pick a preset (blue, purple, green, red, orange, cyan, indigo, pink) used everywhere the framework appears

Editing follows the same form; the action button changes to Update.

Linking controls

Controls live at Controls in the sidebar. For each control you can configure:

• •Control code and name
• •Description
• •Status — in_scope or out_of_scope
• •Readiness — ready or not_ready
• •Owners — workspace members responsible for the control
• •Frameworks — one or more frameworks the control belongs to

The framework readiness percentage is computed from the readiness state of every in_scope control linked to that framework.

Tips

• •Pick distinct colours for each framework — badges appear on controls, evidence, and approvals.
• •Use out_of_scope rather than deleting controls you've reviewed and decided not to implement; this preserves audit history.
• •Set explicit owners so the readiness, evidence, and approval workflows can route work correctly.