Skip to main content

About Frameworks Management

The Frameworks page is where you define the compliance standards your organization follows. Frameworks such as SOC 2, ISO 27001, and ISO 42001 can be added, managed, and tailored within the platform. This page is the starting point for building your compliance program. Once you select a framework, the platform generates controls specific to your company’s profile. From there, actions and evidence collection begin. Frameworks can also be imported from other systems or added via CSV, providing flexibility for companies migrating from existing tools.

How It Works

Frameworks management provides a structured approach to compliance by allowing you to select industry standards and automatically generate tailored controls based on your organization’s profile. The system uses AI to create company-specific requirements that map to framework obligations, reducing the complexity of compliance setup. The platform supports both standard framework selection and custom framework creation, giving you flexibility to address unique compliance needs while maintaining alignment with industry standards.

Frameworks Management Capabilities

Add a Framework

1

Navigate to Frameworks

Navigate to Frameworks in the sidebar.
2

Create New Framework

Click New Framework.
3

Choose Standard

Choose from available standards (SOC 2, ISO 27001, ISO 42001).

Tailor with AI

1

Fill Company Profile

Fill in or confirm your company profile (industry, size, tech stack, security tools).
2

Run AI Setup

Run the AI setup.
3

Generate Tailored Controls

The platform generates tailored controls and actions mapped to the framework’s requirements.

Import Frameworks or Controls

  • Use the Import option to bring in existing controls via CSV or migrate them from other compliance tools (e.g., Vanta, Drata). Imported frameworks and controls are automatically normalized by the platform to align with internal mappings and avoid duplication
  • CSV Import: Upload existing controls via CSV. The import wizard maps your fields to Iru’s schema
  • Migrate from Vanta: Requires an API key
  • Migrate from Drata: Requires an API key
  • You can also start from scratch, which allows admins to create controls manually, define requirements directly in the platform, and build a custom control library from the ground up. This option is useful for organizations with unique compliance needs or internal standards not covered by existing frameworks

Manage Frameworks

  • View all frameworks currently in scope
  • See progress percentages and readiness metrics for each framework
  • You can open a framework to:
    • See the full list of controls generated or imported
    • Customize controls (edit, add, or remove based on company context)
    • View the specific framework requirements each control is mapped to
    • See the list of actions attached to each control
    • Review artifacts that are linked to actions and controls
    • Track readiness across all controls within the framework in one place