Compliance infrastructure engineered for accountability
25 features across compliance, workflow, identity, collaboration, and AI, built for regulated teams that need provable control over every obligation.
The platform at a glance
Numbers that reflect the depth and breadth of FormaOS as a compliance operating system.
25 features, one operating loop.
Not 25 disconnected tools. Each subsystem feeds the next: obligations become controlled work, gated by identity, surfaced to your team, and proven to auditors.
The loop closes: AI & Certification feeds back into Compliance Core.
Compliance Core
5 features
The spine: frameworks, controls, evidence, and posture.
Feature catalog · 25 features across 5 categories
Compliance Core · 5 features
- 8 Pre-Built Framework Packs
- Compliance Gate Enforcement
- Compliance Scoring Engine
- Evidence Vault with SHA-256
- Framework Cross-Mapping
Workflow & Operations · 6 features
- Workflow Automation
- Bulk Operations
- Incident Management
- Care Plans & Participant Management
- Policy Lifecycle Management
- Integration Marketplace
Identity & Security · 4 features
- SAML 2.0 SSO & Identity Lifecycle Controls
- Data Residency Controls
- Immutable Audit Trail
- Risk Heatmap
Collaboration & UX · 7 features
- Inline Comments & Collaboration
- Notification Center
- Command Palette
- Global Search
- Contextual Help Assistant
- Real-Time Collaboration
- Custom Dashboard Builder
AI & Certification · 3 features
- Compliance Q&A assistant
- SOC 2 readiness + report generator
- REST API v1
Every feature, built for regulated teams
25 platform features across five categories, each designed to close the gap between compliance obligations and operational execution.
Compliance Core
Framework coverage, control enforcement, evidence management, and posture scoring: the operational backbone of your compliance program.
8 Pre-Built Framework Packs
(Most popular) SOC 2 TSC, ISO 27001:2022, NIST CSF 2.0, CIS v8, HIPAA, GDPR, PCI DSS 4.0, and NDIS Practice Standards, each with mapped controls and evaluator coverage in lib/compliance/evaluators/register.ts.
Compliance Gate Enforcement
Critical actions are blocked when required controls are unresolved or evidence is missing. Accountability is enforced by the system before work proceeds.
Compliance Scoring Engine
Real-time compliance posture scoring with historical trending. Scheduled checks run daily to detect drift, expiring credentials, and evidence gaps.
Evidence Vault with SHA-256
(Enterprise-grade) Upload, version, and verify compliance evidence with SHA-256 checksums. Every artifact gets tamper-evident chain-of-custody from upload through audit.
Framework Cross-Mapping
(Shipping) Map controls across frameworks with strength scoring. 40+ pre-loaded cross-mappings seeded between ISO 27001, SOC 2, HIPAA, and NIST CSF.
Workflow & Operations
Automation, incident management, bulk operations, and care delivery workflows that eliminate manual compliance overhead.
Workflow Automation
Configure automated triggers for task creation, notifications, escalations, and evidence collection. 12+ trigger types across compliance events.
Bulk Operations
Manage controls, evidence, tasks, and user provisioning in bulk. Assign, update, or archive across your entire compliance program in one action.
Incident Management
Full incident lifecycle: report, investigate, assign corrective actions, and close with evidence.
Care Plans & Participant Management
NDIS and healthcare-specific: manage participant care plans, visits, progress notes, and service delivery logs.
Policy Lifecycle Management
(New in v3.1) End-to-end policy lifecycle from draft through approval, publication, and retirement with version history and stakeholder review workflows.
Integration Marketplace
(New in v3.1) Browse and install 20+ connectors across productivity, cloud, identity, security, and HRIS categories with one-click setup.
Identity & Security
Enterprise identity governance, data residency, immutable audit trails, and risk visualization for regulated environments.
SAML 2.0 SSO & Identity Lifecycle Controls
(Enterprise) Enterprise identity governance with Okta, Azure AD, and Google Workspace, plus deployment planning for centralized access control requirements.
Data Residency Controls
AU-hosted by default with configurable data residency preferences. Infrastructure-ready for US and EU regions.
Immutable Audit Trail
Every action logged with full context: who, what, when, and why. Append-only, tamper-evident records.
Risk Heatmap
Visual risk posture across your compliance program. Identify concentrations of overdue controls and evidence gaps at a glance.
Collaboration & UX
Real-time collaboration, intelligent search, contextual help, and keyboard-first workflows for compliance teams.
Inline Comments & Collaboration
Comment on controls, evidence, tasks, and incidents directly. Threaded discussions with @mentions.
Notification Center
Centralized hub for task assignments, evidence reviews, credential expirations, and compliance alerts.
Command Palette
Power-user navigation: jump to any control, task, evidence, or setting instantly. Keyboard-first workflow.
Global Search
Search across controls, evidence, tasks, incidents, and audit logs. Filter by framework, status, or assignee.
Contextual Help Assistant
In-app guidance and documentation surfaced where you need it. Onboarding walkthroughs and contextual tips.
Real-Time Collaboration
Live presence indicators, real-time updates, and synchronized views across the team.
Custom Dashboard Builder
(New in v3.1) Build personalised compliance dashboards with 15 widget types, drag-and-drop layout, and shared views for teams and leadership.
AI & Certification
AI-powered compliance intelligence and automated self-certification engines that accelerate audit readiness.
Compliance Q&A assistant
(General-purpose · not RAG) General-purpose AI Q&A for compliance questions, policy drafting, and prompt-template workflows. Surface-level org context only, not grounded in your live policies, evidence, or controls.
SOC 2 readiness + report generator
(Shipping) 61 SOC 2 Trust Service Criteria controls mapped, automated evaluators for ~28 of them, milestone tracking through audit readiness, and a downloadable report.
REST API v1
(New in v3.0) Full REST API with 20+ endpoints, bearer API keys with scoped permissions, cursor pagination, rate limiting, and OpenAPI 3.1 specification.
Framework Packs
Pre-built compliance framework libraries
Each framework ships with mapped controls, evidence templates, and cross-framework overlap detection. Activate in one click.
ISO 27001
(Popular) Information security management system with Annex A controls.
SOC 2
(Popular) Trust Services Criteria across security, availability, and processing integrity.
GDPR
EU General Data Protection Regulation compliance with Article mapping.
HIPAA
Healthcare data protection with Administrative, Physical, and Technical safeguards.
PCI-DSS
Payment card industry data security standard for cardholder data protection.
NIST CSF
Cybersecurity framework covering Identify, Protect, Detect, Respond, Recover.
CIS Controls
Center for Internet Security prioritized security best practices.
Explore core capabilities
Four pillars of the FormaOS platform, each engineered for depth, auditability, and operational control.
Tamper-evident evidence at every step
From upload to audit export, every piece of compliance evidence is versioned, hashed, and tracked with full chain-of-custody.
Upload & Hash
SHA-256 checksum generated at upload. Every subsequent access is verified against the original hash.
Version Control
Full version history with diff comparison. See exactly what changed between evidence revisions.
Chain of Custody
Immutable record of who uploaded, reviewed, approved, and exported each evidence artifact.
Audit Export
One-click export of framework-mapped evidence bundles in auditor-ready format with verification metadata.
Expiry Tracking
Automated alerts when evidence approaches expiration dates. Schedule re-collection workflows automatically.
Bulk Operations
Upload, tag, assign, and organize evidence in bulk across multiple frameworks and controls.
Platform Architecture
Five layers of defense in depth
Every request traverses five independent security and compliance verification layers. No single point of failure. No bypass path.
Frontend Gating
React compliance gates with real-time validation. Controls render-blocked UI when prerequisites are unmet.
API Guards
Server-side middleware enforcing permission checks, rate limiting, and compliance state validation on every request.
Business Logic
Workflow engine processing automation rules, scoring calculations, and cross-framework evidence mapping.
Database RLS
Row-Level Security policies ensure tenant isolation at the database layer. Every query is scoped by organization.
Environment Isolation
Infrastructure-level tenant isolation with dedicated encryption keys and configurable data residency.
How It Works
From activation to audit-ready
Six steps to transform compliance from manual overhead into a continuously operating system with verifiable evidence.
Activate Frameworks
Select your applicable compliance frameworks. Controls, evidence requirements, and scoring weights are pre-configured.
Assign Control Owners
Every control gets a named owner with clear responsibility, review cadence, and escalation path.
Collect & Verify Evidence
Upload evidence with SHA-256 verification, automated expiry tracking, and cross-framework mapping.
Automate Workflows
Configure triggers for task creation, notifications, and escalations. Compliance runs on autopilot.
Monitor & Score
Continuous posture scoring with daily checks, drift detection, and real-time risk heatmap visualization.
Export Audit Packets
Export framework-mapped evidence bundles with verification metadata and reviewer-ready context.
Legacy compliance vs FormaOS
See the structural difference between managing compliance in spreadsheets and operating it as infrastructure.
Compliance Plan
Ready to operate compliance as infrastructure?
See how FormaOS replaces spreadsheet-based compliance with a structured operating system built for regulated teams.

