Custom Framework Builder

Define custom compliance frameworks with your own controls, categories, and evaluation criteria — ideal for internal policies and industry-specific requirements.

Updated March 2026 · 5 min read

When to Use Custom Frameworks

Custom frameworks are useful when your organization has internal security policies, client-specific requirements, or industry regulations not covered by the built-in frameworks. Enterprise customers can create custom frameworks that leverage the same scanning, evidence collection, and reporting infrastructure as the standard frameworks.

  • Internal security policies and standards
  • Client-specific contractual security requirements
  • Industry regulations not yet supported as built-in frameworks
  • Organization-specific hardening baselines

Creating a Framework

Navigate to Settings → Frameworks → Create Custom Framework. Define the framework name, version, and description. Then add controls organized by categories. Each control has an identifier, title, description, and evaluation type (automated, manual, or hybrid). Controls can be tagged with maturity levels for organizations using a phased implementation approach.

  • Define framework metadata: name, version, description
  • Organize controls into categories for logical grouping
  • Set evaluation type per control: automated, manual, or hybrid
  • Optional: add maturity levels for phased implementation

Mapping to Universal Controls

For maximum efficiency, you can map your custom framework controls to UCF universal controls. This enables assessment propagation — when you assess a universal control for SOC 2 or ISO 27001, the result automatically propagates to your custom framework control. This eliminates redundant assessments for overlapping requirements.

  • Map custom controls to existing UCF universal controls
  • Benefit from assessment propagation across all frameworks
  • Identify overlap between your custom requirements and standard frameworks
  • Reduce assessment effort by leveraging existing scan results

Importing Controls

Instead of manually creating each control, you can import controls from a CSV or JSON file. The import format supports control ID, title, description, category, maturity level, and optional UCF mapping. This is useful for migrating from spreadsheet-based compliance tracking into ComplyWise.

  • CSV import: control_id, title, description, category, maturity_level
  • JSON import for structured data with nested categories
  • Bulk UCF mapping via import file
  • Validation report showing any import errors before committing
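A local pre-check for a controls CSV before upload, as an added example (not ComplyWise code). The five required column names come from the list above; the `ucf_mapping` column name and the choice of which fields must be non-empty are assumptions, since the page does not state them.

```python
import csv
import io

# Required columns as listed on the page. "ucf_mapping" is an ASSUMED name for
# the optional UCF mapping column; the page does not name it.
REQUIRED = ["control_id", "title", "description", "category", "maturity_level"]
OPTIONAL = ["ucf_mapping"]
# ASSUMPTION: these must be non-empty; maturity levels are optional per the page.
NON_EMPTY = ["control_id", "title", "category"]

# Constructed sample: line 3 has no title, line 4 reuses an ID and contains an
# unquoted comma in the description, which shifts every later column.
SAMPLE = """control_id,title,description,category,maturity_level
POL-001,Password length,Minimum 14 characters,Access Control,1
POL-002,,Disk encryption on laptops,Endpoint,2
POL-001,MFA for admins,Require MFA, all admin accounts,Access Control,1
"""

def validate_controls_csv(text):
    """Return a list of (line_number, message); an empty list means no findings."""
    errors = []
    reader = csv.DictReader(io.StringIO(text))
    header = reader.fieldnames or []
    missing = [c for c in REQUIRED if c not in header]
    if missing:
        return [(1, "missing columns: " + ", ".join(missing))]
    unknown = [c for c in header if c not in REQUIRED + OPTIONAL]
    if unknown:
        errors.append((1, "unexpected columns: " + ", ".join(unknown)))
    first_seen = {}
    for row in reader:
        line = reader.line_num
        if None in row:  # DictReader stores surplus cells under the key None
            errors.append((line, "too many fields (unquoted comma?)"))
        elif any(v is None for v in row.values()):
            errors.append((line, "too few fields"))
        for col in NON_EMPTY:
            if not (row.get(col) or "").strip():
                errors.append((line, "empty " + col))
        cid = (row.get("control_id") or "").strip()
        if cid in first_seen:
            errors.append((line, f"duplicate control_id {cid} (first on line {first_seen[cid]})"))
        elif cid:
            first_seen[cid] = line
    return errors

if __name__ == "__main__":
    for line, msg in validate_controls_csv(SAMPLE):
        print(f"line {line}: {msg}")
```

A shifted row such as line 4 would otherwise import with the wrong category and maturity level, so it is worth catching before the control set is committed.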

Reporting & Assessment

Custom frameworks appear alongside standard frameworks in your dashboard, reports, and gap analysis views. You can generate compliance readiness reports, track progress over time, and export assessment data. Custom framework controls are included in the UCF scorecard where they are mapped to universal controls.

  • Dashboard compliance score includes custom framework data
  • Generate readiness and gap analysis reports for custom frameworks
  • Export custom framework assessments for external reporting
  • Track progress over time with the same trend analysis tools