The Compliance module is where you build and maintain your clients’ compliance programs. It handles the full lifecycle: adopting frameworks, implementing controls, writing policies, collecting evidence, assessing risk, and generating reports for auditors and executives.

What the Compliance Module Does

  • Centralizes compliance management across multiple frameworks in one interface
  • Maps controls across frameworks using the Common Control Framework (CCF) so you implement once and satisfy many
  • Tracks implementation status with real-time dashboards and gap analysis
  • Automates evidence collection through integrations with identity providers, cloud platforms, and RMM tools
  • Generates audit-ready reports with compliance scores, gap summaries, and executive overviews

Supported Frameworks

  • Health Insurance Portability and Accountability Act. Covers the Privacy Rule, Security Rule, and Breach Notification Rule. Includes BAA tracking and Security Risk Assessment (SRA) workflows.
  • Service Organization Control 2 based on the AICPA Trust Service Criteria. Covers Security, Availability, Processing Integrity, Confidentiality, and Privacy.
  • NIST Cybersecurity Framework. Organized around Identify, Protect, Detect, Respond, and Recover functions.
  • International standard for information security management systems (ISMS). Covers Annex A controls and the Plan-Do-Check-Act cycle.
  • Cybersecurity Maturity Model Certification for Department of Defense contractors. Tiered maturity levels with practice-based controls.
  • Payment Card Industry Data Security Standard. Twelve requirement categories for organizations handling cardholder data.
  • General Data Protection Regulation. Covers data subject rights, lawful processing bases, DPIAs, and breach notification requirements.
  • FTC Safeguards Rule under the Gramm-Leach-Bliley Act. Requires financial institutions to develop, implement, and maintain an information security program.

How the Common Control Framework Works

The CCF is the mapping layer that connects your internal controls to requirements across every adopted framework. When you implement a control — say, “Multi-Factor Authentication for All Users” — the CCF automatically maps it to the relevant requirements in HIPAA, SOC 2, NIST, and any other framework you have adopted. This means:
  • One implementation satisfies requirements across multiple frameworks
  • Status updates propagate everywhere the control is mapped
  • Evidence attached to a control counts toward every mapped framework
  • Gap analysis accounts for cross-framework coverage
The CCF mapping is maintained by Regentra and updated as frameworks evolve. You can also create custom controls and map them manually.

Compliance Dashboard

When you open the Compliance module, the dashboard gives you an at-a-glance view of your compliance posture:
  • Compliance Score — percentage of controls that are fully implemented across your active frameworks
  • Control Status Breakdown — visual breakdown of Not Started, In Progress, Implemented, Needs Review, and N/A controls
  • Risk Indicators — flagged controls that are overdue, missing evidence, or approaching review deadlines
  • Recent Activity — latest changes to controls, policies, and evidence across your organization

Dive Deeper

Frameworks

Adopt and manage compliance frameworks. Understand what happens when you activate a new standard.

Controls

Work with individual controls — update statuses, attach evidence, and view framework mappings.

Policies

Create policy documents from templates, manage approvals, and run signature campaigns.

Risk Assessment

Conduct risk assessments, maintain a risk register, and track treatment plans.

Evidence Collection

Collect evidence automatically through integrations or upload it manually.

Reports

Generate compliance summaries, gap analysis reports, and executive briefings.