Every requirement source, one library
Track requirements from regulations, standards, contracts and fully custom internal mandates side by side — organized hierarchically, the way frameworks are actually written.
UniSentinel module
Bring regulations, standards, contracts and your own internal mandates into one requirement library, map them to a single company control set and policy registry, and close what's left as tracked gaps — with statement-of-applicability and gap reports ready whenever someone asks for proof.
Capabilities
Built for compliance teams who juggle multiple frameworks — and refuse to maintain the same control in five spreadsheets.
Track requirements from regulations, standards, contracts and fully custom internal mandates side by side — organized hierarchically, the way frameworks are actually written.
Public-domain frameworks like NIST import ready to use. Licensed standards such as ISO 27001 and SOC 2 are tracked as requirement codes with paraphrases — honest handling that respects the licenses you hold.
Register every policy with its metadata and document, keep full version history, assign owners and review cycles, and publish only through an approval gate.
One company control set, mapped across frameworks: a single control or policy satisfies many requirements from many sources at once, so each new framework starts mostly covered.
Unmet requirements become tracked gaps with actions attached — a working list of what's missing, who owns it, and how it gets closed.
Statement-of-applicability and gap-analysis reports, plus compliance-posture widgets for your dashboards — coverage you can show, not just claim.
Standalone by design
License Compliance alone and you still run the full loop: libraries, policies, mapping and gaps. Every integration has a built-in local fallback.
Better together
Integrations are first-class, with defined fallbacks when the counterpart isn't licensed — and automatic data promotion when it is.
Your control set becomes Risk's mitigating controls, and compliance gaps raise risks straight into the register.
Control self-assessment campaigns feed implementation status back onto your mapped controls.
Gap remediation actions become real tracked tasks with owners and due dates, instead of a local checklist.
Scope applicability against real org units and services — which parts of the business each requirement actually applies to.
Gaps raise risks, and audit plans prioritize by risk — so your weakest compliance areas surface in the audit plan.
Strategic objectives link to compliance postures, and posture widgets roll up into the executive dashboard.
How it works
Load requirement libraries or define custom sources — regulations, standards, contracts and internal mandates, structured hierarchically.
Map your single control set and policies to requirements — one mapping can satisfy many frameworks at once.
Turn unmet requirements into gaps with owned actions, and publish policies through approval-gated review cycles.
Run statement-of-applicability and gap-analysis reports, and watch posture widgets track coverage over time.
Only where licensing allows. Public-domain frameworks such as NIST import in full. Licensed standards like ISO 27001 and SOC 2 are tracked as requirement codes with paraphrases — you work against your own licensed copy of the text, and we never reproduce it.
Yes. Requirement sources cover regulations, standards, contracts and fully custom internal mandates, and requirements are hierarchical — so a contract's obligations or your own internal baseline sit alongside imported frameworks and map to the same control set.
Through common-controls mapping. You maintain a single company control set, and each control or policy maps to any number of requirements across sources. Adopt a new framework and the matrix shows immediately what's already covered and what's a genuine gap.
Every policy has an owner, a review cycle and full version history, and publication is approval-gated — a new version goes live only after the defined approvers sign off, with the decision recorded in the audit trail.
Modules
One living inventory of your services, assets and org structure — with relationship-driven network and data-flow diagrams.
Learn moreA configurable risk register with methodologies, heatmaps, treatment plans and approval-gated risk acceptance.
Learn moreThe execution engine: tasks, activities, kanban and calendar views — where every finding, gap and treatment gets done.
Learn moreA reusable questionnaire and campaign engine for self-assessments, control effectiveness and maturity scoring.
Learn moreThe full audit lifecycle: risk-based plans, engagements, workpapers, findings and follow-up — end to end.
Learn moreThe executive layer: strategic objectives, committees, meetings and board-ready reporting across every module.
Learn moreGet started
Book a 30-minute walkthrough. We'll map your program to the modules you need — cloud, on-prem Linux or Windows Server.
Every module works standalone. License only what you need — grow when you're ready.