Cholds

Compliance automation

From “where do we start?”to audit-ready.

Pick your frameworks, connect your stack, and let the platform find every gap, fix it with you, and keep score — until the auditor walks in and nothing surprises you.

ISO 27001SOC 2GDPRHIPAAPCI DSS
Readiness · 3 frameworksLive
96%audit-ready · 8 low-risk items remaining
  • A.5.15 Access control✓ Pass
  • CC6.1 Logical access✓ Pass
  • A.8.13 Backup● In progress

Phase 1 · Scope

Know what you have

Select frameworks, discover every system, and map each one to the controls it must satisfy.

Phase 2 · Close gaps

Find and fix

Automated scanners surface failures with evidence. AI turns each finding into an owned, prioritised task.

Phase 3 · Stay ready

Prove it, continuously

Every change is reassessed automatically. Policies, evidence, and the audit package stay current.

Step 1 · Phase 1

Select your frameworks

Choose the standards you need to meet. The platform loads every control and requirement for each one — that's the target you'll be measured against.

Frameworks

3 frameworks selected · 196 controls loaded

Step 2 · Phase 1

Discover everything you run

Connect your cloud, code, identity, and SaaS accounts. The platform builds a live asset inventory — servers, databases, repos, people, and vendors — so nothing sits outside the audit.

AWS

Cloud · 41 resources

✓ Connected

GitHub

Code · 18 repositories

✓ Connected

Microsoft 365

Identity · 36 employees

✓ Connected

Cloudflare

Edge · 6 zones

✓ Connected

PostgreSQL

Data · 3 databases

✓ Connected

Slack

SaaS · 1 workspace

✓ Connected

Step 3 · Phase 1

Map systems to controls

The mapping engine links every system to the controls it must satisfy, across all selected frameworks — one system, one connection, every requirement covered.

System → Controls → Requirements → Evidence

AWS Account

prod · ap-southeast-2

ISO 27001A.5.15 · Access control
SOC 2CC6.1 · Logical access
GDPRArt. 32 · Security of processing

Step 4 · Phase 2

Run the automated gap assessment

Scanners and API connectors check every mapped control against reality. Each failure comes back with the finding, the evidence, and the fix — not just a red mark.

$ assess --all-connectors

aws · prowler ............ done

github · gitleaks ........ done

m365 · graph api ......... done

cloudflare · api checks ... done

196 controls checked

122 pass · 58 fail · 16 partial

A.5.15 · Access control✕ Failed
Finding
MFA not enforced for administrators
Evidence
AWS IAM credential report · attached
Recommendation
Enable MFA for all administrator accounts

Step 5 · Phase 2

Let AI turn findings into a plan

The remediation assistant drafts the policies and procedures you're missing, and converts every failed control into a task with an owner, a priority, and a technical recommendation.

TaskCritical

Enable MFA for AWS root account

IMInfrastructure Manager

Closes: A.5.15 · CC6.1 · Art. 32

Generated for you
  • Access Control Policy (draft)
  • MFA enforcement procedure
  • 6 remediation tasks, assigned
  • Technical steps per system

Step 6 · Phase 3

Reassess after every change

Close a task, and the relevant scanners run again automatically. The dashboard updates itself — readiness is a live number, not a quarterly report.

Before remediation

122 / 196 controls

After remediation

188 / 196 controls

+66 controls closed this cycle · next assessment: automatic

Step 7 · Phase 3

Walk into the audit ready

When readiness plateaus near the top, everything the auditor asks for already exists — generated, versioned, and backed by evidence.

ISO 27001 · SOC 2 · GDPR · Final position

96% ready

8 low-risk items remaining · none audit-blocking

  • Policies, generated and approved
  • Risk register, current
  • Evidence package, per control
  • Audit checklist, complete

Try it yourself

Walk the process interactively

Select frameworks, connect systems, and remediate your way to audit-ready in a live simulation.

Open the interactive demo →

Beyond compliance

Need your defences tested?

Cholds also runs expert-led penetration tests, delivered through the same portal your compliance work lives in.

Explore penetration testing →