
Your First Framework

Enable and configure a compliance framework in PartnerAlly.

Setting Up Your First Framework

Frameworks are the foundation of compliance management in PartnerAlly. This guide walks you through enabling a framework and completing the optional guided setup.

Understanding Frameworks

A compliance framework is a structured set of guidelines, controls, and best practices that organizations follow to meet regulatory or industry requirements.

PartnerAlly supports these frameworks:

| Framework | Full Name | Primary Use |
|---|---|---|
| SOC 2 | Service Organization Control 2 | SaaS and service providers |
| ISO 27001 | ISO/IEC 27001 | Information security management |
| HIPAA | Health Insurance Portability and Accountability Act | Healthcare data protection |
| GDPR | General Data Protection Regulation | EU personal data protection |
| PCI DSS | Payment Card Industry Data Security Standard | Payment card processing |
| AML/BSA | Anti-Money Laundering / Bank Secrecy Act | Financial compliance |

Enabling a Framework

Go to Settings

Click Settings in the sidebar (gear icon at the bottom).

Find Risk Frameworks

Scroll to the "Risk Frameworks" section. You'll see all available frameworks listed here.

Enable the Framework

Click the checkbox next to the framework you want to enable. The row will highlight to show it's active.

You can enable multiple frameworks. PartnerAlly will analyze your documents against all enabled frameworks simultaneously.

Set a Target Date (Optional)

For each enabled framework, you can set a target compliance date. This is typically your:

  • Audit date
  • Certification deadline
  • Internal milestone

Click the calendar icon and select your target date. This helps prioritize tasks and track progress.

The Guided Setup Process

After enabling a framework, you'll see a "Start Setup" button. This launches an interactive questionnaire that helps PartnerAlly understand your current compliance posture.

What the Setup Covers

Current State Assessment

Answer questions about your existing:

  • Policies and procedures
  • Security controls
  • Organizational structure
  • Technology environment

Document Linking

Connect existing documents to relevant controls:

  • Upload new policies
  • Link previously uploaded documents
  • Mark controls as "not applicable" if needed

Gap Identification

Based on your answers, PartnerAlly identifies:

  • Missing policies
  • Incomplete controls
  • Areas needing improvement

Initial Recommendations

Receive prioritized recommendations:

  • Quick wins you can address immediately
  • High-priority gaps to focus on
  • Long-term improvements to plan for

Setup Status Indicators

| Status | Meaning | Action |
|---|---|---|
| Start Setup | Not yet started | Click to begin |
| Continue Setup | In progress | Click to resume where you left off |
| Setup Complete | Finished | No action needed |

Setup is Optional: You can skip the guided setup and let PartnerAlly analyze your documents directly. However, completing setup gives more accurate gap identification.

Framework-Specific Tips

SOC 2

  • Focus on the Trust Service Criteria most relevant to your service
  • Security is required; Availability, Confidentiality, Processing Integrity, and Privacy are optional
  • Have your system description ready for context

ISO 27001

  • Consider your scope carefully - what's included in certification?
  • Document your risk assessment methodology
  • Prepare your Statement of Applicability

HIPAA

  • Identify all systems that handle PHI (Protected Health Information)
  • Document Business Associate Agreements
  • Include your breach notification procedures

GDPR

  • Map your data flows and processing activities
  • Document lawful basis for each processing activity
  • Prepare Data Subject Rights procedures

PCI DSS

  • Know your merchant level and SAQ type
  • Document your cardholder data environment
  • Include network segmentation details

AML/BSA

  • Document your customer identification procedures
  • Include transaction monitoring thresholds
  • Prepare your Suspicious Activity Report (SAR) process

Working with Multiple Frameworks

If you enable multiple frameworks, PartnerAlly automatically:

  1. Maps overlapping controls - Many frameworks share similar requirements
  2. Consolidates evidence - One document can satisfy multiple frameworks
  3. Prioritizes by impact - Shows gaps that affect the most frameworks first

Framework Overlap Example

A password policy document might satisfy:

  • SOC 2 CC6.1 (Logical Access)
  • ISO 27001 A.9.4.3 (Password Management)
  • HIPAA §164.312(d) (Person or Entity Authentication)
  • PCI DSS 8.2 (User Identification and Authentication)
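
The control mapping, evidence consolidation, and impact-based ordering described above can be modeled as a small crosswalk. This is an added example, not PartnerAlly's implementation: the theme names, function names, and every `PLACEHOLDER-` control ID are assumptions, and only the `password_policy` row uses the control IDs listed on this page.

```python
# Constructed crosswalk: one row per requirement theme, one control per framework.
# The password_policy row uses the control IDs from the overlap example above;
# every other ID is a labelled placeholder, not a real control number.
CROSSWALK = {
    "password_policy": {
        "SOC 2": "CC6.1",
        "ISO 27001": "A.9.4.3",
        "HIPAA": "§164.312(d)",
        "PCI DSS": "8.2",
    },
    "incident_response": {
        "SOC 2": "PLACEHOLDER-IR-1",
        "ISO 27001": "PLACEHOLDER-IR-2",
        "HIPAA": "PLACEHOLDER-IR-3",
    },
    "vendor_management": {
        "SOC 2": "PLACEHOLDER-VM-1",
        "PCI DSS": "PLACEHOLDER-VM-2",
    },
}


def satisfied_controls(evidence, enabled, crosswalk=CROSSWALK):
    """Consolidate evidence: one document counts for every enabled framework it maps to."""
    out = {fw: [] for fw in enabled}
    for theme in evidence:
        for fw, control in crosswalk.get(theme, {}).items():
            if fw in out:
                out[fw].append(control)
    return out


def prioritized_gaps(evidence, enabled, crosswalk=CROSSWALK):
    """Rank themes with no evidence by how many enabled frameworks they leave open."""
    gaps = []
    for theme, controls in crosswalk.items():
        if theme in evidence:
            continue
        affected = sorted(fw for fw in controls if fw in enabled)
        if affected:  # ignore themes that touch no enabled framework
            gaps.append((theme, affected))
    # Most frameworks affected first; theme name breaks ties deterministically.
    return sorted(gaps, key=lambda g: (-len(g[1]), g[0]))


if __name__ == "__main__":
    enabled = ["SOC 2", "ISO 27001", "HIPAA", "PCI DSS"]
    print(satisfied_controls({"password_policy"}, enabled))
    for theme, frameworks in prioritized_gaps({"password_policy"}, enabled):
        print(f"{theme}: open in {len(frameworks)} framework(s): {', '.join(frameworks)}")
```

Changing the `enabled` list changes both results, which mirrors how enabling or disabling a framework changes the gap analysis without touching the stored evidence.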

Disabling a Framework

If you no longer need a framework:

  1. Go to Settings → Risk Frameworks
  2. Uncheck the framework
  3. Confirm the action

Note: Disabling a framework removes it from your dashboard and gap analysis, but doesn't delete any data. You can re-enable it anytime.

Next Step

Now that you have a framework enabled, learn to navigate the platform to start managing compliance.
