Skip to main content
Frameworks (such as ISO 27001, SOC 2, GDPR, and the EU AI Act) define the controls your organization needs to satisfy. Keldyn works with frameworks at two levels — across your whole organization and within each use case — and lets you track how far along each control is.

Organization vs. use case

LevelWherePurpose
OrganizationOrg Controls in the sidebarTrack framework scope, coverage, and control maturity for the organization as a whole.
Use caseThe Compliance and Security tabs in a use case’s Architecture WorkspaceTrack the controls that apply to a specific system.

Enable a framework

1

Open framework alignment

For the organization, go to Org Controls and select Add Framework. For a use case, open its workspace and select Add Framework (or the Frameworks page).
2

Select frameworks

Choose the frameworks that apply. Active frameworks appear in their own tabs.
3

Complete the questionnaire

Each framework has a short questionnaire. Select Continue questionnaire and answer the questions so Keldyn can scope the right controls.

Track control implementation

Each framework tab shows its Control Requirements as a list. Expand a control to see its description, implementation guidance, underlying threat, finding, and evidence. For each control you can:
  • Set the status — using the update dialog, mark a control as Pending Review, In Progress, Implemented, or Not Applicable.
  • Assign an owner — use Assign Owner to make a team member responsible.
  • Mark not applicable — toggle Not Applicable and note why it doesn’t apply.
  • Add evidence — record notes, upload a file, or add a link directly on the control. See Evidence & audits.
Findings summarize gaps for a control. You can regenerate findings across a framework’s controls with Regenerate findings and review them in each control’s detail.

Coverage and reporting

At the organization level, each framework shows coverage metrics so you can gauge maturity:
  • Controls in scope
  • Coverage (percentage implemented)
  • Implemented controls
  • Missing controls
Coverage is calculated on in-scope controls only. Use Download Report on a framework to export a maturity report.
Use the Filter options to focus on controls by status, owner, or applicability.

Next steps

Evidence & audits

Attach evidence to controls and manage audits and certifications.

Working with a use case

Generate an architecture and track control progress inside the workspace.