1. Introduction
Framework Management in redOrange.ai enables administrators and compliance teams to select and maintain compliance frameworks relevant to their organization. This guide explains how to manage frameworks, create and customize controls, and support your compliance and audit needs.
2. What is a Compliance Framework?
A compliance framework is a structured set of policies, standards, and controls designed to help organizations meet regulatory requirements and industry best practices. Examples include ISO 27001, SOC 2, GDPR, PCI-DSS, and more.
3. Accessing Framework Management
Log in to redOrange.ai as an Administrator or a user with framework management permissions.
Navigate to Compliance > Frameworks.
4. Managing the Framework
Step 1: Select Framework
Choose a predefined framework from the available list.
Step 2: Add Controls
If you want to add your own controls for the selected framework, redOrange.ai fully supports this.
Navigate to Compliance > Frameworks > Select Framework > Get Started / Check Status > View and Verify Controls, then click Add Control.
For single controls, manually enter details:
Click Add Control.
Enter Control Title, Control Question, and Control Description.
Select or create a Control Category and Subcategory.
Provide Control Identifier Number, select Linked Vendors, and add tooltip information.
Save — the new control will appear in the View and Verify Controls section.
For bulk upload via spreadsheet (XLSX):
In the View and Verify Controls section, click Upload Control XLSX.
Download the XLSX template and fill in control details.
Upload the completed file.
Preview the controls, select which to add, and click Upload Selected.
All custom controls will then be added to your View and Verify Controls.
Task Management
Assign an Owner and Assignee for each control — tasks will appear under My Work > Compliance for the assigned users.
Set Due Dates and Criticality levels (Urgent, High, Medium, Low).
Toggle control applicability to mark as Applicable or Not Applicable, with the option to add applicability details.
Step 3: Assign Controls
Review default controls linked to the framework.
Enable, disable, or modify controls based on your organizational requirements.
5. Best Practices
Regularly review frameworks to ensure they reflect current regulatory requirements.
Customize controls thoughtfully to maintain alignment with external audit expectations.
Document all framework control customizations for compliance reporting.
6. Cross Compliance
redOrange.ai supports Cross Compliance, allowing controls from one compliance framework to be mapped to controls in other frameworks.
When a control is assessed in one framework, the mapped controls in the other frameworks are automatically marked as assessed, reducing duplicate effort and audit burden.
Note: Cross Compliance is an optional feature and must be enabled for your organization. If you do not see this feature available, please contact redOrange support at support@redorange.ai to have it activated.
7. Troubleshooting
Issue | Solution |
Unable to find a required framework | Contact redOrange support at support@redorange.ai |
Framework changes not reflected | Clear cache or refresh application; verify save actions |
8. FAQs
Q: Can I upload my own custom compliance framework controls?
A: Yes, redOrange.ai supports uploading custom framework controls manually or via XLSX file upload.
Q: Does redOrange.ai support cross compliance?
A: Yes, redOrange.ai supports cross compliance where controls of one framework can be mapped to others to simplify assessments.
Q: Can I manage multiple frameworks simultaneously?
A: Yes, you can manage multiple frameworks simultaneously via Compliance > Frameworks.
9. Contact Support
For help with Framework Management, contact:
Email: support@redorange.ai