Compliance framework topics
Use compliance framework topics when you need draft policies, procedures, control narratives, evidence requests, implementation checklists, remediation plans, or audit-response material.
EtherAssist can support compliance work, but it does not replace accountable review by your security, legal, compliance, or audit owners.
Framework coverage
| Framework | Typical outputs |
|---|---|
| ISO 27001 | ISMS policies, control narratives, evidence requests, risk treatment notes, and audit preparation. |
| ISO 22301 | Business continuity policies, impact analysis prompts, recovery procedure drafts, and test evidence requests. |
| ISO 9001 | Quality-management procedures, process maps, corrective-action notes, and document-control guidance. |
| PCI DSS | Cardholder-data handling guidance, evidence checklists, remediation plans, and responsibility summaries. |
| NIS2 | Governance summaries, incident reporting procedures, supplier risk notes, and board-level action plans. |
| DORA | ICT risk-management documentation, resilience testing notes, incident workflow drafts, and third-party risk summaries. |
| CISA SCuBA | Microsoft cloud baseline review notes, evidence requests, and remediation planning. |
| Cyber Essentials | Control-gap summaries, remediation plans, questionnaire preparation, and evidence requests. |
| Lexcel | Legal practice management evidence, policy drafts, and operational procedure support. |
Before you begin
- Identify the framework, clause, control, evidence item, or audit objective.
- State whether the document is for an internal auditor, external auditor, compliance team, security team, or management audience.
- Attach relevant internal policies, control lists, evidence exports, or scope statements when allowed.
- Keep sensitive evidence and customer data within your organisation's handling rules.
Good compliance prompts
- Create an ISO 22301 business continuity test evidence checklist for a professional services organisation. Include evidence owner, frequency, sample evidence, and review notes.
- Draft a DORA ICT third-party risk procedure. Include scope, roles, onboarding checks, monitoring, exit planning, evidence, and version control.
- Turn this PCI DSS gap list into a remediation plan with priority, owner, evidence, validation steps, and target date.
Document output rules
For policy or procedure drafts, ask EtherAssist to include:
- numbered sections;
- practical implementation steps;
- roles and responsibilities;
- evidence and review expectations;
- a version-control table at the end.