Assembles control evidence and flags drift against the compliance framework.
Activation complexity
High
Time to activate
14-21 days
Volume share
10-20% of role volume
Impact range
Audit-ready at any moment
Inherited pricing
€3.00 – €12.00 per review or incident handled
This capability shares the Security Operations Analyst's metered unit. A review or incident handled is counted once at the role level regardless of which capability handled it. Adding this capability to an active deployment does not change the per-action price.
What this capability handles
Compliance Monitoring maps controls to the compliance framework, assembles evidence bundles from source systems, flags control drift, and prepares audit-ready packages — with analyst review on control exceptions.
Workflow summary
Maps controls, assembles evidence, flags drift, packages for audit.
Stages
Decision logic
Uses control-mapping matrices and drift thresholds to assemble evidence and flag exceptions.
Systems and data
{"GRC tool","doc repo","identity provider",EDR}
{"control library","evidence sources","audit calendar","prior findings"}
Exceptions & human handoff
Control exceptions, regulator-facing findings, or novel-framework items route to the analyst and CISO.
Control exception, regulator-facing finding, or novel-framework item.
Readiness
Control library loaded, evidence sources wired, audit calendar current.
Owner on client side · CISO
Impact contribution
15-25% of role impact is compliance-evidence audit readiness on cadence.
Primary KPI · Compliance-evidence readiness · Audit-ready at any moment
Prerequisites
Activating Compliance Monitoring in production requires the following capabilities to be live first. Ordering matters — routing and classification quality propagate.
Capability-specific integrations
Beyond the Security Operations Analyst's base stack, this capability plugs into:
The chat opens with Security Operations Analyst and Compliance Monitoring pre-selected. You can add other capabilities during the conversation.