> ## Documentation Index
> Fetch the complete documentation index at: https://docs.keldyn.ai/llms.txt
> Use this file to discover all available pages before exploring further.

# Frameworks & controls

> Enable compliance frameworks and track control implementation across your organization and individual use cases.

Frameworks (such as ISO 27001, SOC 2, GDPR, and the EU AI Act) define the controls your organization needs to satisfy. Keldyn works with frameworks at two levels — across your whole **organization** and within each **use case** — and lets you track how far along each control is.

## Organization vs. use case

| Level            | Where                                                                                                      | Purpose                                                                                |
| ---------------- | ---------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------- |
| **Organization** | **Org Controls** in the sidebar                                                                            | Track framework scope, coverage, and control maturity for the organization as a whole. |
| **Use case**     | The **Compliance** and **Security** tabs in a use case's [Architecture Workspace](/working-with-use-cases) | Track the controls that apply to a specific system.                                    |

## Enable a framework

<Steps>
  <Step title="Open framework alignment">
    For the organization, go to **Org Controls** and select **Add Framework**. For a use case, open its workspace and select **Add Framework** (or the **Frameworks** page).
  </Step>

  <Step title="Select frameworks">
    Choose the frameworks that apply. Active frameworks appear in their own tabs.
  </Step>

  <Step title="Complete the questionnaire">
    Each framework has a short questionnaire. Select **Continue questionnaire** and answer the questions so Keldyn can scope the right controls.
  </Step>
</Steps>

## Track control implementation

Each framework tab shows its **Control Requirements** as a list. Expand a control to see its description, implementation guidance, underlying threat, finding, and evidence.

For each control you can:

* **Set the status** — using the update dialog, mark a control as **Pending Review**, **In Progress**, **Implemented**, or **Not Applicable**.
* **Assign an owner** — use **Assign Owner** to make a team member responsible.
* **Mark not applicable** — toggle **Not Applicable** and note why it doesn't apply.
* **Add evidence** — record notes, upload a file, or add a link directly on the control. See [Evidence & audits](/evidence-and-audits).

<Note>
  Findings summarize gaps for a control. You can regenerate findings across a framework's controls with **Regenerate findings** and review them in each control's detail.
</Note>

## Coverage and reporting

At the organization level, each framework shows coverage metrics so you can gauge maturity:

* **Controls in scope**
* **Coverage** (percentage implemented)
* **Implemented controls**
* **Missing controls**

<Tip>
  Coverage is calculated on in-scope controls only. Use **Download Report** on a framework to export a maturity report.
</Tip>

Use the **Filter** options to focus on controls by status, owner, or applicability.

## Next steps

<CardGroup cols={2}>
  <Card title="Evidence & audits" icon="folder-check" href="/evidence-and-audits" arrow={true}>
    Attach evidence to controls and manage audits and certifications.
  </Card>

  <Card title="Working with a use case" icon="box" href="/working-with-use-cases" arrow={true}>
    Generate an architecture and track control progress inside the workspace.
  </Card>
</CardGroup>
