Compass
Continuous Compliance for ENS, NIS2, ISO 27001 and SOC 2
Prove compliance without the manual work.
Compass maps your controls once against ENS, NIS2, ISO 27001 and SOC 2, validates them continuously, and generates audit-ready evidence automatically. When an auditor arrives, the work is already done.
Map
Map identity controls to framework requirements and identify coverage gaps.
Monitor
Validate controls continuously against live identity posture data.
Prove
Generate audit-ready evidence packages organised by framework and period.
From point-in-time audits to continuous compliance
Compass replaces the manual cycle of gathering evidence, with a continuous model: identity controls are validated in real time, evidence accumulates automatically, and audit readiness becomes a permanent state.
Map your controls. Know your gaps.
Compass maps identity controls to ENS, ISO 27001, NIS2 and SOC 2 regulatory requirements simultaneously. A single technical check satisfies requirements across multiple frameworks at once, without duplicating work or creating redundant validation.
Continuous validation, not manual checklists
Compass validates identity controls against live posture data from Octagon. Every check reflects what is actually in place today, not what was documented last quarter. Controls that drift out of compliance are flagged automatically.
Evidence ready when you need it.
Compass builds an audit trail automatically as controls are validated. Evidence is organised by framework, control and audit cycle. Ready to hand off to auditors without a manual collection exercise.
Frameworks supported out of the box.
Compass ships with mappings for the frameworks that matter most to European enterprises and regulated organisations. No manual mapping required to get started.
Spanish national security framework for public sector and critical infrastructure. Compass maps identity controls to ENS categories and validates continuously.
International standard for information security management systems. Compass covers identity-related Annex A controls with automated evidence collection.
EU directive for critical infrastructure operators. Compass validates identity security measures required under NIS2 Article 21 obligations.
Trust services criteria for SaaS and cloud providers. Compass validates identity access controls against CC6 and related criteria continuously.
Compliance grounded in real posture data.
Every gap surfaced by Compass arrives with full identity context attached. Compliance teams know which identities are affected, which posture findings caused the drift, and which configurations are out of policy, before deciding how to remediate. No sampling, no spreadsheets, no quarterly reconciliation.
Everything you need to stay continuously compliant across every regulatory framework.
Multi-framework control mapping
Map identity controls once and apply them across ENS, ISO 27001, NIS2, and SOC2 simultaneously. No duplicate work for each framework.
Continuous automated validation
Validate controls continuously, not just during audit preparation. When a configuration drifts out of compliance, it is detected immediately so compliance posture is visible in real time.
Audit-ready evidence packages
Generate structured evidence packages automatically before every audit cycle. Exports in the format auditors actually expect.
Gap analysis & remediation guidance
Control gaps with clear remediation steps tied directly to specific identities and configurations. Every gap is prioritized by risk and mapped to the exact regulatory article it affects.
Beyond identity controls when you need it
For non-identity controls that still need to be evidenced for an audit, Compass supports manual evidence upload with structured tracking. The audit picture stays complete, without forcing 8Layers into a full GRC role.
Connected to your identity posture
Compass reads posture data from Octagon through the shared identity data layer. Every control is validated against live configuration state, not snapshots. No manual export, no waiting for nightly batch jobs.
Audit season shouldn't be a crisis.
Book a demo to see how Compass gives your team continuous compliance visibility — and generates evidence packages automatically.