Iru Compliance helps you run frameworks such as SOC 2 or ISO 27001, collect evidence against controls, and publish a Trust Center for customers and auditors when your subscription includes it. Follow Recommended setup below: complete Organization profile, add frameworks, connect Sources, and work Actions. For who can add frameworks, connect integrations, edit Trust Center, and other tasks, see Compliance Permissions.Documentation Index
Fetch the complete documentation index at: https://docs.iru.com/llms.txt
Use this file to discover all available pages before exploring further.
Need help with a step? Contact Iru Support.
About Iru Compliance
You can add standards such as SOC 2, ISO 27001, ISO 42001, and HIPAA in your tenant. Other catalogs (for example GDPR, NIST CSF) appear when your tenant makes them available. Open Frameworks to see what you can add. Iru uses your organization profile (industry, company size, tech stack, and security tooling) so generated controls match how you work. Trust Center is optional: it publishes approved certifications and documents externally. See Trust Center Management.Recommended setup
Open Organization profile
Select Organization to open Organization profile. Iru may prompt you while you add a framework.
Complete your company details
Fill in the fields that apply. For example: company logo, company name, business description, industry, business type, company size, company language, whether you have an IT department, and security team size. Keep this information current as your environment changes.
Add a framework
On the left navigation bar, expand Compliance and select Frameworks. Use AI-assisted setup, CSV import, migration from a supported product, or a custom framework. See Frameworks Management.
Connect sources
Expand Compliance and select Sources. Turn on the toggle for each integration that should supply evidence (identity, HR, cloud, code hosts, and others). See Sources Management.
Assign actions
Expand Compliance and select Actions. Review actions, assign owners, set due dates, and attach or confirm evidence. See Actions Management.
Core concepts
FrameworksStandards your organization tracks. You can run several at once; one piece of evidence can cover more than one obligation when requirements overlap. Controls
Requirements mapped to the framework. They may come from AI generation, import, or manual entry. Actions
Tasks linked to controls. Descriptions tell the product and connected Sources what evidence to collect. Artifacts
Files and records (policies, exports, screenshots, logs, reports) tied to actions and controls. See Artifacts Management. Sources
Integrations that pull or attach evidence for the actions they support. See Sources Management.
What you can do next
- Turn framework language into controls and actions with owners and due dates.
- Gather evidence manually or through Sources; validate artifacts where the product supports it.
- Track readiness from framework and action views.
- Publish selected content through Trust Center when your plan includes it.
Related articles
- Frameworks Management: add frameworks, imports, and migrations.
- Platform Workflows: how profile, frameworks, sources, actions, and evidence connect.
- Sources Management: connector guides by category (use search and Category on Sources).
Related product documentation
- Iru Overview: how Endpoint, Identity, Compliance, Trust Center, and Iru AI fit together.
- Getting Started: Endpoint setup from foundation through platform setup, Blueprints and Library, and enrollment; pair with the Iru Endpoint Compliance source when controls need device evidence.
- Team Member Role Permissions: organization roles (alongside Compliance Permissions).