# Compliance

## Framework

The fundamental object of CISO Assistant for compliance is the framework. It corresponds to a given **standard**, e.g. ISO27001:2022. They can be imported from the library. If you don't find a framework which fits your needs, no worries, you can build your own framework and add it to CISO Assistant!

## Audit

This allows you to **assess your compliance** with the **chosen framework** through different statuses for each requirement that requires one of the following:

* To do
* In progress
* Non compliant
* Partially compliant
* Compliant
* Not applicable

{% hint style="info" %}
Evaluate a requirement inside a compliance assessment is called **requirement assessment**
{% endhint %}

## Evidence

Evidence allows you to use a description, link or file to justify the status of a compliance requirement or to prove that a control has been applied. They can therefore be associated with different [applied controls](https://app.gitbook.com/o/HbfwRhJ3GSwl5w6MOhZw/s/UJGpmCYDFJNsz2CDasSm/~/changes/3/glossary/context#applied-control) or requirement assessments.