Framework Health
Monitor the compliance status of each individual framework you've enabled.
The Framework Health card shows the compliance status of each framework you've enabled. Unlike the Trust Rating (which is an aggregate), Framework Health gives you visibility into how well you're doing with SOC 2, ISO 27001, HIPAA, or any other framework individually.
What Framework Health Shows
For each enabled framework, you'll see:
- Health percentage - Overall compliance score for that framework
- Color indicator - Green (healthy), yellow (needs attention), red (critical)
- Gap count - Number of open gaps for this framework
- Trend arrow - Whether the score is improving or declining
Supported Frameworks
PartnerAlly supports these compliance frameworks:
| Framework | Description | Common Use |
|---|---|---|
| SOC 2 | Service Organization Control 2 | SaaS companies, cloud services |
| ISO 27001 | Information Security Management | Global enterprises, data security |
| HIPAA | Health Insurance Portability and Accountability Act | Healthcare, health data handling |
| GDPR | General Data Protection Regulation | EU data protection, privacy |
| PCI-DSS | Payment Card Industry Data Security Standard | Payment processing, e-commerce |
| AML | Anti-Money Laundering | Financial services, crypto |
| NIST CSF | NIST Cybersecurity Framework | US government contractors |
| SOX | Sarbanes-Oxley Act | Public companies, financial controls |
You can enable or disable frameworks at any time in Settings. See Framework Settings for details.
How Framework Health Is Calculated
Each framework's health score is based on:
| Factor | Description |
|---|---|
| Open gaps | Unresolved compliance gaps for this framework |
| Control coverage | Controls with associated evidence |
| Risk items | Framework-specific risks in your registry |
| Evidence freshness | How recent your framework documentation is |
Score Interpretation
| Score | Meaning |
|---|---|
| 90-100% | Audit-ready for this framework |
| 75-89% | Good coverage with minor gaps |
| 50-74% | Significant remediation needed |
| Below 50% | Major compliance gaps present |
Viewing Framework Details
- Click a Framework - From the Framework Health card, click any framework name to see its details.
- Review Controls - See all controls for this framework, grouped by control family or category.
- Check Evidence - View which controls have evidence and which need documentation.
- View Gaps - See all compliance gaps specific to this framework, sorted by severity.
Framework-Specific Insights
SOC 2
- Organized by Trust Service Criteria (Security, Availability, etc.)
- Shows common criteria (CC) and point of focus items
- Highlights control gaps auditors frequently check
ISO 27001
- Grouped by Annex A control domains
- Shows Statement of Applicability (SoA) status
- Tracks required vs. implemented controls
HIPAA
- Separates Administrative, Physical, and Technical safeguards
- Highlights Protected Health Information (PHI) risks
- Tracks Business Associate requirements
GDPR
- Focuses on data subject rights
- Tracks lawful basis documentation
- Monitors data processing activities
Comparing Frameworks
The Framework Health card lets you quickly compare:
- Which frameworks are strongest
- Where to focus remediation efforts
- Progress across multiple frameworks simultaneously
Priority Matrix
Use this to prioritize effort:
| Your Situation | Focus On |
|---|---|
| Upcoming SOC 2 audit | SOC 2 framework first |
| Handling health data | HIPAA controls |
| EU customers | GDPR compliance |
| Multiple frameworks | Lowest scoring first |
Improving Framework Health
Targeted Remediation
- Identify the weakest framework - Start with the lowest score
- Review open gaps - Click into the framework to see gaps
- Create workflows - Build remediation plans for gaps
- Upload evidence - Add documentation to improve coverage
Cross-Framework Efficiency
Many controls overlap between frameworks:
- SOC 2 CC6.1 (Access Control) ↔ ISO 27001 A.9 (Access Control)
- HIPAA Security Rule ↔ SOC 2 Security criteria
- GDPR Article 32 ↔ ISO 27001 security controls
When you resolve a gap or upload evidence, PartnerAlly automatically maps it to all relevant frameworks. One action can improve multiple framework scores.
Framework Health Alerts
You can configure alerts for framework health:
- Threshold alerts - Notify when a framework drops below a percentage
- Gap alerts - Notify when new gaps are identified
- Improvement alerts - Celebrate when scores increase
Configure these in Notification Settings.
Common Questions
Can I hide a framework I don't need?
Yes. Go to Framework Settings to disable any framework. This removes it from your dashboard and stops gap analysis for that framework.
Why does my framework health differ from Trust Rating?
The Trust Rating is a weighted average across all frameworks. A single framework's health might be higher or lower than the aggregate depending on:
- How many controls that framework has
- The severity of its gaps
- The weight assigned to that framework
How do I add a new framework?
- Go to Settings > Frameworks
- Click "Enable Framework"
- Select the framework you want
- PartnerAlly will analyze your documents against the new framework
Next Steps
- Control Status - See control-level details
- Compliance Gaps - Review framework-specific gaps
- Framework Settings - Configure enabled frameworks