🛡️ GuardFoxCopilot Documentation

Compliance Manager

Map security controls to SOC2, ISO27001, NIST CSF, and PCI DSS. Generate evidence reports as PDF.

Route: /compliance

How it works

Overview

How the Compliance Manager Works

GuardFoxCopilot maps your active security controls to four major frameworks:

FrameworkControlsUse case
SOC 2 Type II40SaaS vendors, cloud providers
ISO/IEC 27001:2022110International security certification
NIST CSF68US federal, critical infrastructure
PCI DSS v4.0131Payment card processing

How controls are mapped

Each framework control is evaluated against live data from your GuardFoxCopilot platform:

  • Met — control is actively satisfied by a platform feature with evidence
  • Partial — some aspects covered, gaps remain
  • Not Met — no evidence found — requires remediation
  • N/A — control not applicable to your deployment

Evidence items

Each control lists specific evidence items pulled from the platform (e.g., "NextAuth.js RBAC middleware active", "Audit log captures all privileged actions"). These are used directly in audit evidence packages.

Generating evidence reports

How to use

Generating Evidence Reports

  1. Select your framework (SOC2, ISO27001, NIST CSF, or PCI DSS)
  2. Click Generate Evidence Report (top right)
  3. GuardFoxCopilot compiles:

- Executive summary with coverage score

- Control-by-control status table

- Evidence items with timestamps

- Gap analysis with remediation recommendations

  1. Download the PDF — ready for auditors or internal review

Preparing for an audit

  1. Run the report 2–4 weeks before your audit date
  2. Review the Gaps section — controls with "Not Met" status
  3. Address gaps or document risk acceptance for each
  4. Re-run the report to verify improvement
  5. Export final version for auditor delivery

Keeping evidence current

Evidence items are re-evaluated daily. Check the "Last Verified" timestamp on each control — items older than 30 days should be re-verified manually.