Eight framework assessments, AI-driven guidance, an Evidence Vault, a Policy Generator, and a Supply Chain Risk Manager, all in one platform designed for the way compliance actually works.
Regulatory and certification requirements aren't slowing down. Organisations now navigate an overlapping stack of obligations: Cyber Essentials, ISO 27001, DORA, CAF, the EU AI Act, each with its own control language, evidence expectations, and audit timelines. Keeping track of what applies, where the gaps are, and what to fix first is a specialist job most organisations can't sustain in-house.
Traditional responses rely on spreadsheets and costly consultants, producing point-in-time snapshots that go stale the moment they're saved. Compliance becomes a recurring expense rather than a strategic capability, and organisations spend as much time coordinating evidence as they do on actual security improvement.
Security Compliance Hub was built to close that gap.
SCH is more than an assessment tool. It's a compliance intelligence layer, a platform that understands your answers, maps them across frameworks, and brings AI-powered reasoning to what would otherwise be a manual, expert-dependent process.
Phronesis, your embedded AI security advisor, analyses your scores and produces prioritised remediation plans, per-control regulatory guidance, and complete security policies. Not generic recommendations, but advice calibrated to your specific gaps, your sector, and your regulatory context. Ask it anything mid-assessment and it answers in context.
The Evidence Vault lets you attach files (screenshots, configurations, certificates) directly to assessment questions, giving auditors exactly what they need, exactly where they need it. Cross-framework mapping means a single answer informs multiple standards simultaneously, and tokenised result sharing lets you send read-only snapshots to partners, investors, or auditors with a single click.
Three interconnected pillars (Compliance, Phronesis, and Supply Chain Risk), built on a shared layer of foundational services.
Each assessment maps to a specific standard or regulation. Complete one, or complete them all, and your results are saved, cross-referenced, and reflected in your Compliance Passport automatically.
The UK government-backed scheme covering five technical controls: firewalls, secure configuration, software updates, access control, and malware protection. Includes an optional supply chain vendor risk module and per-question evidence capture.
The Cyber Assessment Framework used to assess operators of essential services and other regulated organisations across 14 security principles and 83 questions.
The EU Digital Operational Resilience Act for financial entities, covering ICT risk management, incident reporting, resilience testing, third-party risk, and information sharing across 49 questions.
The international standard for information security management systems, assessed across Clauses 4–10 and Annex A controls, with 58 questions and Phronesis-generated ISMS policies.
Readiness assessment aligned to the EU AI Act, ISO/IEC 42001, and NIST AI RMF, covering AI strategy, risk management, data governance, transparency, security, and accountability. Adapts for deployer-only or builder organisations.
A 70-question assessment across 7 domains evaluating Security Operations Centre capability and AI readiness, aligned to NIST CSF and ISO 27001 operational controls. Includes MSSP and enterprise-scale scoring paths.
A unified view that pulls together your CAF, DORA, and NIS2 scores, showing cross-mapped coverage, radar charts, and gap analysis in one place. Feeds your Compliance Passport with a signed, printable posture summary.
Send secure questionnaires to suppliers, score their security posture automatically, and track portfolio risk across your entire supply chain. Risk Purview cross-checks self-reported answers against six live external intelligence sources.
Start with the Compliance Readiness Assessment for a cross-framework picture in under 15 minutes, or dive straight into the assessment most relevant to your obligations.