The One Compliance
The One Compliance is a compliance frameworks management platform purpose-built for MSPs. It centralizes framework tracking, evidence collection, policy management, and audit preparation in a single multi-tenant console, replacing spreadsheets and scattered documentation with a structured, auditable workflow.
What The One Compliance Does
| Capability | Description |
|---|---|
| Framework Management | Track compliance against SOC 2, HIPAA, NIST CSF, CIS Controls, PCI DSS, and CMMC with pre-built control mappings |
| Evidence Collection | Upload artifacts manually or auto-collect evidence from Security, RMM, Defend, and Backups |
| Gap Analysis | Real-time dashboard showing control coverage, missing evidence, and framework readiness scores |
| Audit Preparation | Readiness scoring, auditor portal with read-only access, and packaged evidence exports |
| Policy Engine | Built-in policy templates with versioning, approval workflows, and employee acknowledgment tracking |
| Compliance Reporting | Framework progress, evidence status, gap analysis, and executive summary reports |
Supported Frameworks
- SOC 2 — Type I and Type II (Trust Services Criteria)
- HIPAA — Security Rule, Privacy Rule, Breach Notification
- NIST CSF — Identify, Protect, Detect, Respond, Recover
- CIS Controls — v8 Implementation Groups 1–3
- PCI DSS — v4.0 requirements
- CMMC — Level 1–3 practices and processes
Who Uses It
| Role | Primary Use |
|---|---|
| vCISO | Framework selection, gap analysis, executive reporting |
| Compliance Manager | Evidence collection, control mapping, audit prep |
| MSP Account Manager | Client compliance status, readiness scores |
| Auditor | Read-only auditor portal for evidence review |
How It Fits in the Stack
The One Compliance connects to your other One Stack products to automate evidence collection and enrich compliance workflows:
- Hub — SSO authentication; access from the Hub waffle menu
- Security — Scan results and findings flow in as compliance evidence
- RMM — Patch compliance status serves as evidence for patching controls
- Defend — Endpoint protection deployment status validates endpoint security controls
- Backups — Backup verification records serve as evidence for data protection controls
- People — Employee training completion records support workforce security controls
ℹ️The One Compliance requires an active Hub organization. All users authenticate via Hub SSO.
Next Steps
- Frameworks — Select and configure compliance frameworks
- Evidence Collection — Manual and automated evidence gathering
- Audit Preparation — Get ready for your next audit
- Policy Engine — Manage organizational policies
- Reports — Compliance reporting and dashboards