Multi-Framework Compliance Audit

NuboComply

147 controls mapped simultaneously across SOC2, ISO 27001, CIS AWS, GDPR, UK Cyber Essentials, NCSC, NIST CSF, PCI DSS, and AWS Well-Architected. Every failing control shows every framework it violates. Fix one thing — close gaps across nine frameworks at once.

Get a free compliance audit → See Sample Report

Technical gap analysis only · Not a certification · Requires licensed auditor for certification

147 controls assessed · 9 frameworks · 26 avg score/100 · 32 evidence items · full audit in under 5 minutes

Why NuboComply

Your auditor charges £500/day to find what NuboComply finds in 5 minutes.

SOC2 certification typically costs £15,000–£40,000 and takes 6 months. Most of that time is spent finding gaps you could have found yourself. NuboComply finds them first.

Pre-audit readiness

Know your technical gaps before your auditor bills you to find them. Most clients fix 60–80% of technical findings before their audit even starts — dramatically reducing audit fees and timelines.

Continuous compliance

You pass SOC2 in January. By March, three new deployments have broken six controls. NuboComply runs monthly so drift is caught immediately — not at next year's audit.

Enterprise questionnaires

Enterprise procurement teams send 200-question security questionnaires. NuboComply gives you the exact control evidence to answer them — with auditor-ready proof for every passing control.

9 frameworks

Every framework your enterprise clients care about.

Every control is mapped simultaneously. One finding, nine frameworks checked at once.

SOC2 Type II
5 Trust Service Criteria

The standard US enterprise clients require. CC6–CC9 security controls, availability, confidentiality, processing integrity. Required for SaaS companies selling to US enterprise.

ISO 27001:2022
93 controls across 4 domains

The international standard, dominant in UK and European enterprise procurement. Increasingly required for UK public sector and government contracts.

CIS AWS v2.0
67 benchmark checks

The definitive AWS security benchmark. IAM, storage, logging, monitoring, networking — all 67 checks. The technical foundation that underpins most cloud compliance frameworks.

GDPR Article 32
Technical security measures

The technical measures required for GDPR compliance. Encryption at rest and in transit, access controls, availability, integrity. Mandatory for any company processing EU/UK personal data.

UK Cyber Essentials
5 control domains

UK government scheme. Required for all government contracts. NuboComply covers all 5 Cyber Essentials domains — boundary firewalls, secure configuration, access control, malware protection, patch management.

NCSC Cloud Security
14 principles

The UK National Cyber Security Centre's 14 cloud security principles. Essential for G-Cloud, Crown Commercial Service supplier status, and UK public sector contracts.

NIST CSF 2.0
Protect · Detect · Respond

The US framework increasingly used in UK enterprise procurement, especially for companies with US customers or investors. NuboComply covers the technical Protect, Detect, and Respond functions.

PCI DSS v4.0
Technical requirements 1, 2, 3, 6–8, 10, 11

Mandatory for any company handling card payments. Network security, encryption, access control, logging, testing. NuboComply covers the AWS-specific technical requirements.

AWS Well-Architected
Security Pillar — all 9 areas

AWS's own security best practice framework. Identity, detection, infrastructure protection, data protection, incident response. The language AWS solution architects and enterprise teams speak.

Case study

147 controls. 89 failures. 9 frameworks. Real account.

Every control mapped simultaneously. Here's exactly what NuboComply produced on a live AWS account.

NuboComply v1.0 — Framework Scorecard

Framework          Pass  Fail  Score
SOC2 Type II         32    89    26%
ISO 27001:2022       32    89    26%
CIS AWS v2.0         28    65    30%
GDPR Art.32          29    81    26%
UK Cyber Ess.        25    18    58%
NCSC CSP             30    87    25%
NIST CSF 2.0         32    89    26%
PCI DSS v4.0         30    78    27%
AWS Well-Arch        32    89    26%

Technical controls score: 26/100 (Poor). 147 controls · 89 fail · 32 pass · 24 manual

Cross-framework impact (top 5 failures):
  • IAM-1.2 Root MFA disabled → all 9 frameworks
  • NET-2.1 SSH open to 0.0.0.0/0 → all 9 frameworks
  • LOG-4.1 CloudTrail disabled → all 9 frameworks
  • NET-2.8 EBS unencrypted → all 9 frameworks
  • RDS-3.9 RDS unencrypted → all 9 frameworks

Evidence pack: 32 passing controls. Every passing control includes evidence — ARN, configuration value, timestamp — ready to hand to your auditor as proof.

89 controls failing · 147 total controls · 32 evidence items · 24 manual checks

The cross-framework multiplier

Fixing CloudTrail (LOG-4.1) closes gaps in SOC2 CC7.1, ISO27001 A.8.15, CIS 3.1, GDPR Art.32(1)(d), Cyber Essentials, NCSC P13, NIST DE.CM-3, PCI Req10.1, and AWS Well-Architected SEC04 — all nine frameworks — in a single fix.
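The scorecard and the cross-framework impact ranking above can be reproduced from a control-to-framework map. The following is an added example written for this page, not NuboComply's code; the control IDs are the ones the page lists, but which frameworks each control maps to (apart from LOG-4.1, which the page spells out) and the per-framework scoring rule are constructed assumptions.

```python
"""Cross-framework impact ranking and per-framework scorecard.

Added example for this page, not NuboComply's own code. Control IDs are the
ones the page lists; which frameworks each control maps to (LOG-4.1 aside)
and the scoring rule are constructed assumptions for illustration.
"""
from collections import defaultdict

FRAMEWORKS = ("SOC2", "ISO27001", "CIS", "GDPR", "CyberEssentials",
              "NCSC", "NIST", "PCI", "AWS-WA")

# Constructed control catalogue: control id -> (title, frameworks it maps to).
CONTROLS = {
    "IAM-1.2": ("Root account MFA enabled", set(FRAMEWORKS)),
    "NET-2.1": ("No SSH ingress from 0.0.0.0/0", set(FRAMEWORKS)),
    "LOG-4.1": ("CloudTrail enabled in all regions", set(FRAMEWORKS)),
    "NET-2.8": ("EBS volumes encrypted", set(FRAMEWORKS)),
    "RDS-3.9": ("RDS storage encrypted",
                {"SOC2", "ISO27001", "CIS", "GDPR", "PCI", "AWS-WA"}),
    "IAM-1.7": ("Access keys rotated", {"CIS", "PCI", "ISO27001"}),
    "MAN-9.1": ("Incident response plan documented", {"SOC2", "ISO27001", "NIST"}),
}

# Constructed scan result: control id -> "pass" | "fail" | "manual".
RESULTS = {"IAM-1.2": "fail", "NET-2.1": "fail", "LOG-4.1": "fail",
           "NET-2.8": "pass", "RDS-3.9": "fail", "IAM-1.7": "pass",
           "MAN-9.1": "manual"}


def cross_framework_impact(results, controls=CONTROLS):
    """Failing controls ranked by how many frameworks each one violates
    (most first, ties by control id): the page's impact matrix."""
    failing = [(cid, len(controls[cid][1]))
               for cid, status in results.items() if status == "fail"]
    return sorted(failing, key=lambda item: (-item[1], item[0]))


def framework_scorecard(results, controls=CONTROLS):
    """Per-framework pass/fail counts and a 0-100 score. Manual checks are
    left out of the denominator (assumption: reported as a separate list)."""
    tally = defaultdict(lambda: {"pass": 0, "fail": 0})
    for cid, status in results.items():
        if status == "manual":
            continue
        for framework in controls[cid][1]:
            tally[framework][status] += 1
    return {fw: {**t, "score": round(100 * t["pass"] / (t["pass"] + t["fail"]))}
            for fw, t in tally.items()}
```

Remediating the top-ranked control moves one failure to a pass in every framework it maps to, which is the multiplier the paragraph above describes.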

Explicit manual check list

NuboComply is honest about what it can't automate — incident response plan, vendor risk assessments, security training, DPAs. Every manual check includes exactly what document or evidence your auditor will expect.

Technical gap analysis only · Certification requires a licensed auditor · NuboComply does not provide legal advice

What you get

Everything you need to go into your audit prepared.

Per-framework scorecard

Every framework scored 0–100 with pass/fail/partial breakdown. Know your SOC2 score, ISO27001 score, and CIS score separately — and exactly what's dragging each one down.

Cross-framework impact matrix

Every failing control ranked by how many frameworks it violates. The top findings affect all 9 simultaneously — fix the highest-impact gaps first, close the most compliance debt fastest.

Auditor-ready evidence pack

Every passing control includes the actual evidence — resource ARN, configuration value, timestamp, and framework mapping. Hand it directly to your auditor. No more scrambling to prove you had controls in place.

Explicit manual check list

24 controls that can't be automated — incident response plan, vendor risk assessments, DPAs, security training. Each one includes exactly what document or evidence your auditor will expect to see.

Prioritised remediation roadmap

Every failing control includes the exact remediation step. Critical failures separated from High, Medium, and Advisory. Start with the controls that close the most frameworks simultaneously.

Honest disclaimer, always

NuboComply is explicit: this is a technical gap analysis, not a certification. Achieving SOC2 or ISO27001 requires a licensed auditor. We tell you where to focus — your auditor confirms you got there.

Pricing

A fraction of what your auditor charges.

SOC2 auditors charge £500–£800/day. NuboComply runs in 5 minutes.

One-off Audit: £600 one time
Full 147-control audit across all 9 frameworks with evidence pack.
  • 147 controls across 9 frameworks
  • Per-framework readiness scorecard
  • Cross-framework impact matrix
  • Auditor-ready evidence pack
  • Manual verification checklist
  • 48-hour turnaround

Monthly Retainer (most popular): £500/month
Monthly rescans so compliance drift is caught before your auditor finds it.
  • Everything in the one-off audit
  • Monthly rescan + score tracking
  • Compliance drift alerts
  • Remediation implementation included
  • Updated evidence pack monthly
  • Audit preparation support

What's your compliance score?

Most startups score under 30/100. Know your gaps across all 9 frameworks before your auditor — or your enterprise client — finds them first.
