Commercial · AI Governance · Government & Contractor
Complianta helps technology companies understand, measure, and manage compliance across commercial, AI governance, and government frameworks — from a free five-minute Navigator to a full workspace for ongoing compliance operations.
Start free and move at your own pace — from discovering your obligations to managing your full compliance operation.
Step 1
Discover which frameworks apply to your business
Answer 15 plain-language questions about your company, data, markets, and technology. The Navigator evaluates 12 frameworks and returns a prioritised list — ranked by how strongly each framework applies to your situation.
Step 2
Measure how prepared you are for certification
A structured 47-question assessment covering security controls and AI governance practices. Receive deterministic scores, an AI-generated executive summary, a gap analysis, and a phased implementation roadmap — delivered as a PDF report.
Step 3
Track and manage your compliance programme
A persistent workspace where you manage controls, policies, evidence, and tasks across all your active frameworks. Track progress towards certification, assign owners, and monitor your compliance posture over time.
Commercial compliance, AI governance, and government contractor requirements — all in one place.
SOC 2
Trust Services Criteria for security, availability, and confidentiality — required by most enterprise buyers.
ISO/IEC 27001
International standard for information security management systems. Recognised globally.
HIPAA
US federal law governing protected health information. Required for healthcare and health-tech companies.
GDPR
EU data protection regulation. Applies to any organisation processing data of EU residents.
PCI DSS
Payment card security standard. Required if you store, process, or transmit cardholder data.
ISO/IEC 42001
The world's first AI management system standard. Demonstrates responsible AI development and deployment.
EU AI Act
EU risk-based regulatory framework for AI systems. Mandatory for high-risk AI deployed in the EU.
NIST AI RMF
US voluntary framework for managing AI risks across the AI lifecycle. Increasingly referenced in procurement.
CMMC
Cybersecurity Maturity Model Certification. Required for DoD contractors handling Federal Contract Information.
FedRAMP
Federal cloud security authorisation programme. Required to sell cloud services to US federal agencies.
CUI / NIST SP 800-171
Controlled Unclassified Information protection. Mandatory for contractors handling sensitive federal data.
StateRAMP / GovRAMP
State-level cloud security programme. Required by many state and local government procurement processes.
01
Run the free Compliance Navigator — 15 questions about your company, data, markets, and technology — and get a prioritised list of the frameworks that apply to you.
02
Complete the Readiness Assessment for your priority frameworks. Receive deterministic scores, a gap analysis, and a phased roadmap — delivered as a PDF report.
03
Use the Compliance Workspace to track controls, manage policies and evidence, and monitor progress toward certification across all your active frameworks.
The Compliance Navigator takes 5 minutes and gives you a clear, prioritised picture of which frameworks apply to your business — before you commit to anything.