Controls Management
401 controls.
6 frameworks. Zero duplication.
Pre-built controls mapped to ISO 27001, SOC 2, NIST CSF, PCI DSS, GDPR, and HIPAA. Write a control once — and see every framework it satisfies simultaneously. No more copy-pasting controls across six spreadsheets.
Frameworks covered
ISO 27001
Information security management
SOC 2
Trust services criteria
NIST CSF
Cybersecurity framework
PCI DSS
Payment card security
GDPR
EU/UK data protection
HIPAA
US health data privacy
What it does
One library to rule all six frameworks
401 platform controls
TrusTrak-managed and always up to date. Every control is categorised, framework-tagged, and ready to link to your risks from day one.
6 frameworks, one library
ISO 27001, SOC 2, NIST CSF, PCI DSS, GDPR, and HIPAA covered in one place. A single control can satisfy requirements across multiple frameworks simultaneously.
Cross-framework mapping
72 master controls power an 'Also satisfies' panel on every control detail view. See instantly which other frameworks your controls already cover.
4 control types
Preventive, Detective, Corrective, and Compensating. The Compensating type is needed for PCI DSS formal compensating control documentation, and it is built in.
Custom controls
Add unlimited org-specific controls alongside platform controls. Bulk-import existing controls via CSV with an idempotent upsert — no duplicates, no lost data.
Effectiveness tracking
Record testing results, set testing frequency, and track last-tested dates per control. Know which controls are due for re-testing before your auditors ask.
How it works
Browse, map, test. Done.
Browse or import
Search and filter 401 pre-built controls by framework, type, or keyword. Or bulk-import your existing control library via CSV — RiskGuard merges them with the platform controls without duplicating.
Map to risks
Link controls to your risk register entries. One control mapped to one risk can satisfy requirements across ISO 27001, SOC 2, and NIST simultaneously — the cross-framework panel shows you exactly what's covered.
Test and track
Record testing results against each control, set a testing schedule, and track effectiveness over time. When an auditor asks 'when was this last tested?' — the answer is one click away.
The cross-framework advantage
72 master controls. Infinite coverage.
Behind the 401 platform controls sits a layer of 72 master control concepts — framework-agnostic ideas like “Access Control Policy” that group equivalent controls from all 6 frameworks. When you open any control, the “Also satisfies” panel shows you every other framework requirement that same control covers.
The result: implement once, satisfy everywhere. No duplication, no drift, no missed mappings.
Works seamlessly with
The rest of your compliance workflow
Risk Register
Controls link directly to risks. Map ISO 27001 Annex A controls to a risk in seconds, with AI-suggested controls shown as toggleable pills at creation time.
Evidence Locker
Every control can have evidence attached. Upload the testing documentation and the evidence locker verifies it with SHA-256, so it is tamper-evident from the moment it lands.
PDF Audit Reports
Controls feed the audit report directly. Compliance status per control, cross-framework coverage, and corrective action plans — generated automatically.
Ready to get audit-ready?
Book a 30-minute demo and see how RiskGuard can get your startup compliant — without the consultant fees.