ComplianceAide
Product guide

How ComplianceAide works

ComplianceAide helps teams gather evidence, choose a compliance framework, run an AI-guided assessment, and turn the results into practical next steps. Example frameworks include CMMC, HIPAA, ISO 27001, SOC 2, PCI DSS, CIS Controls, UK Cyber Essentials, GDPR, DORA, and NIS2. It does not certify your organization or replace human review.

For business owners

Start with the documents and screenshots you already have. The portal helps explain what is missing and what to do next.

  1. Open your workspace.
  2. Upload or connect evidence.
  3. Pick the requirement you care about.
  4. Review gaps and recommended actions.

For MSPs

Use the MSP portal to manage customer workspaces, invite users, and keep each customer's evidence in the right place.

  1. Create or open a customer workspace.
  2. Activate the one-time annual workspace license ($4,800 USD for 12 months) before relying on assessments or reports.
  3. Invite the customer contact after the workspace is ready for use.
  4. Connect shared evidence when ready.
  5. Use assessments and reports to drive the next meeting.

For auditors and advisors

Review mapped evidence, rationale, gaps, and generated artifacts as a working draft that still needs professional judgment.

  1. Join through the shared workspace or invite path provided by the MSP or customer.
  2. Confirm the selected framework and review control coverage.
  3. Challenge weak or missing support.
  4. Download MD/PDF reports, policies, or action lists for review.

Common next steps

Evidence
Add policies, screenshots, questionnaires, exports, diagrams, or other readable proof.
Framework
Choose the standard or customer requirement that should guide the review, from CMMC Level 2 or HIPAA to UK Cyber Essentials / Cyber Essentials Plus, GDPR, DORA, NIS2, ISO 27001, SOC 2, PCI DSS, CIS Controls, and more.
Assessment
Run a readiness/gap assessment, then fetch or discuss the completed result in chat. CMMC Level 2 still requires the applicable official or C3PAO assessment path; StateRAMP work still requires the right 3PAO, PMO, and sponsor authorization path; CJIS work still requires the applicable CSA/FBI audit path; regulated UK/EU programs still require the right legal, auditor, or authority review.
Artifacts
Generate draft reports, policies, workbooks, SSP support, or action lists for review.

Do not upload passwords, bank data, tax IDs, PHI or patient records, CUI, CJI/criminal justice information, FTI/federal tax information, ITAR/export-controlled files, or other sensitive evidence until the approved secure channel is confirmed. HIPAA work that involves PHI requires a BAA-covered path before PHI is submitted; CJIS and IRS 1075 work require an approved handling path before CJI or FTI is submitted.