.png?fit=max&auto=format&n=tsMQJyneJ1xquFUo&q=85&s=4d401cc03b547d99b6f75a6bd170c334){kind=spacer}
Frameworks
A compliance framework is a structured set of requirements your organization must meet — for example, SOC 2, ISO 27001, GDPR, or HIPAA. In DSALTA, you activate a framework to start tracking compliance against its criteria. Each framework has areas (major categories) and criteria (specific requirements within each area).Controls
Controls are the specific actions, processes, or configurations your organization implements to satisfy framework requirements. A single control can map to multiple frameworks, so completing a control for SOC 2 may also satisfy an ISO 27001 requirement. Each control has a status: Completed, Needs Attention, or No Evidence.Evidence
Evidence proves that a control is implemented and working. Evidence comes from four sources:- Policies — approved policy documents
- Documents — uploaded files like screenshots, certificates, or agreements
- Automated tests — checks that run against your connected integrations
- Workflow checks — recurring manual verifications
Policies
Policies are formal documents that define your organization’s rules and procedures. DSALTA provides pre-built, audit-ready policy templates that you can customize, approve, and link to controls.Documents
Documents are evidence files that support your controls — board charters, employee agreements, background check records, insurance certificates, and similar. Each document has an owner, a review frequency, and a status.Tests
Tests verify that controls are operating effectively. Automated tests run against your integrations (e.g., checking that MFA is enabled). Manual tests require a team member to verify and upload evidence.Audits
An audit is a formal review of your compliance program. In DSALTA, you create an audit, invite your auditor, and share evidence directly through the platform. The audit dashboard tracks evidence readiness across all controls, tests, policies, and documents.Vendors
Third-party vendors that handle your data or systems carry risk. DSALTA’s vendor management lets you assess, score, and monitor vendor security posture over time.Trust Center
Your Trust Center is a public-facing page that showcases your security and compliance posture to customers and prospects. It displays certifications, controls, resources, subprocessors, and FAQs.How it all fits together
Framework → requires Criteria → mapped to Controls → proven by Evidence (Policies + Documents + Tests) → reviewed in an Audit → showcased on your Trust Center