Compliance
Compliance is the framework and evidence workspace. It shows what is covered, what is missing, and what needs action next.
Current tabs:
| Tab | Purpose |
|---|---|
| Regulatory Frameworks | Coverage cards and framework-specific posture |
| Gap Analysis | Cross-framework gaps and follow-up priorities |
| ROI & Savings Dashboard | Business-owner view of impact and savings |
| ROI Calculator | Scenario modeling for business-owner planning |
| Regulatory Reference | Audit and remediation reference material |
Important: Tab availability changes by role. Business Owner views include ROI tabs and a framework summary view. Policy and compliance roles see the regulatory reference view instead.
The Compliance workspace brings policy evidence together across your applications and maps it to the frameworks you care about. Use it when you need to understand coverage, identify gaps, or prepare for audit and leadership review.
The Developer role does not have access to the Compliance workspace. For the other roles, the exact tabs differ by role; see the tab reference table below.
You see action cards above the main tabs for open policy suggestions, evidence gaps, newly activated rules, and export-ready applications. You can schedule reports, manage audit engagements, request data erasure, and export subject data for GDPR Right of Access requests. The Subject Data Export action in the session detail panel produces a structured export of all data VeriProof holds for a specific data subject — suitable for delivering to the subject directly.
Your Compliance view emphasizes ROI and business impact. You see the ROI & Savings Dashboard, the ROI Calculator, and a business-language Framework Summary — not the technical remediation reference.
Your view is scoped to your active audit engagement. You can export evidence packs, annotate sessions to record findings, and manage your engagement record — updating scope, status, and supporting notes. The Regulatory Reference tab gives you the standards mapping your evidence report depends on.
You access the Compliance workspace to review framework coverage gaps, audit datasets, and open policy suggestions. The Regulatory Reference tab gives you remediation context for the controls your rules need to cover. You cannot schedule reports, manage audit engagements, or export evidence packs — those belong to Compliance Officers and Administrators.
Current Tabs
The current Compliance workspace uses these top-level tabs:
| Tab | Who sees it | What it covers |
|---|---|---|
| Regulatory Frameworks | All roles with Compliance access | Framework-by-framework posture and control coverage |
| Gap Analysis | All roles with Compliance access | Cross-framework gaps and follow-up priorities |
| ROI & Savings Dashboard | Business Owner and roles with ROI access | Estimated savings, risk reduction, and operational value |
| ROI Calculator | Business Owner and roles with ROI access | Scenario modeling for business planning |
| Regulatory Reference | Administrator, Governance Engineer, Compliance Officer, Auditor | Reference material for audit, remediation, and self-assessment |
| Framework Summary | Business Owner | Leadership-ready framework summaries in business language |
Regulatory Frameworks
This is the main day-to-day framework view. It shows which frameworks are on track, which need attention, and where coverage is thin.
A scorecard is shown for each supported framework, including:
| Framework | Coverage |
|---|---|
| EU AI Act | Risk management, documentation, transparency, human oversight, and post-market obligations |
| ISO/IEC 42001 | Full AIMS clause mapping including all Annex A controls |
| NIST AI RMF | All four functions: Govern, Map, Measure, Manage |
| SOC 2 Type II | Common Criteria CC6, CC7, CC9 relevant to AI systems |
| HIPAA | Administrative and Technical Safeguards relevant to AI systems processing PHI |
Each card shows current coverage, open gaps, and follow-up direction. Business Owner views translate this into consequence and business impact language.
Gap Analysis
Gap Analysis is the cross-framework drill-down view. Use it when the high-level framework cards tell you something needs work and you want to know where to act first.
It helps answer questions like:
- Which controls are still weak across multiple frameworks?
- Which applications need stronger evidence coverage?
- Which policy improvements close more than one gap at once?
When a framework is slipping, this is the first place to open.
Compliance Officer views also include action cards above the tabs for open policy suggestions, framework evidence gaps, newly activated rules, and export-ready applications.
ROI & Savings Dashboard
Visible only to roles with ROI access, including Business Owner.
This tab frames compliance work in business terms. It summarizes estimated risk reduction, avoided incident cost, audit-efficiency gains, and review-throughput improvement.
Use it for executive updates, prioritization conversations, and business-case framing.
ROI Calculator
The ROI Calculator lets business-oriented users model scenarios rather than just read current estimates. Use it when you want to test assumptions about review cost, savings, or compliance-program payoff.
Regulatory Reference
This tab is the operational reference library for audit preparation, self-assessment, and remediation planning. Non-business-owner roles see this as Regulatory Reference. Business Owner sees a simplified Framework Summary instead.
Related Documentation
- Compliance Monitoring Guide: In-depth guide to continuous framework monitoring using the Compliance workspace.
- EU AI Act: VeriProof’s mapping to EU AI Act obligations and operational evidence.
- ISO/IEC 42001: How VeriProof maps to the ISO AI Management System standard.
- Evidence Export Guide: Generating, validating, and delivering audit-ready evidence packages.
- GDPR Cryptographic Erasure: How cryptographic erasure satisfies GDPR Article 17 without altering blockchain records.