One platform for every
compliance requirement.
COS replaces spreadsheets, disconnected tools, and manual processes with a unified compliance workspace. Map controls, collect evidence, manage risks, and run audits — all in one place.
Built for how compliance
actually works.
Compliance isn’t a one-time project. It’s a continuous process of mapping requirements, gathering evidence, assessing risks, and preparing for audits. COS is designed around this reality.
Map
Connect your controls to SAMA CSF, NCA ECC, SDAIA PDPL, ISO 27001, and six more frameworks. See exactly where you stand against every requirement.
Collect
Upload evidence, automate collection via API, and maintain a tamper-proof record. Every artifact is versioned and traceable.
Monitor
Track compliance posture in real time. Risk scoring, gap analysis, and automated alerts keep you ahead of issues.
Audit
Give auditors a dedicated workspace. Streamline the entire lifecycle from planning through findings to closure.
Everything you need,
nothing you don’t.
Control Framework Manager
Map organizational controls to multiple frameworks simultaneously. Track implementation status, identify gaps, and generate compliance scorecards across all 10 supported frameworks — including SAMA CSF, NCA ECC, SDAIA PDPL, and ISO 27001:2022.
Evidence Locker
A tamper-proof repository for all compliance artifacts. Gather evidence automatically through integrations with cloud providers, HR platforms, identity providers, and other systems — or upload manually. Every document is versioned, tagged to specific controls, and tracked with expiry alerts.
Risk Register
Identify, score, and track risks with treatment plans. Quantify exposure with heat maps, link risks to controls, and monitor remediation progress across your organization.
Audit Workspace
A dedicated environment for internal and external auditors. Review controls, request evidence, issue findings, and track remediation — all within a structured workflow.
Reporting & Dashboards
Executive dashboards, framework-specific reports, and audit-ready exports. Get a real-time view of your compliance posture with data you can share with boards and regulators.
Multi-organization Management
Purpose-built for audit firms and enterprise groups. Manage multiple entities, compare compliance posture across organizations, and run parallel assessments from a single workspace.
Native support for every
major Saudi framework.
SAMA CSF
182 controlsSaudi Arabian Monetary Authority Cybersecurity Framework. Full control mapping with domain-level gap analysis.
SAMA CFF
86 controlsSaudi Arabian Monetary Authority Cyber Fraud Framework. Fraud prevention, detection, and response controls for financial institutions.
NCA ECC
220 controlsNational Cybersecurity Authority Essential Cybersecurity Controls. Structured requirements with implementation guidance.
SDAIA PDPL
133 controlsSDAIA Personal Data Protection Law. Data processing requirements, consent management, and cross-border transfer controls.
ISO 27001:2022
93 controlsInternational information security standard. Annex A controls with Statement of Applicability support.
NCA CCC
106 controlsNational Cybersecurity Authority Cloud Cybersecurity Controls. Security requirements for cloud service providers and tenants.
SAMA BCF
91 controlsSaudi Arabian Monetary Authority Business Continuity Framework. Continuity planning and operational resilience controls for financial institutions.
NCA DCC
68 controlsNational Cybersecurity Authority Data Cybersecurity Controls. Controls for protecting sensitive data across its lifecycle.
CMA Real Estate Ownership
58 controlsCapital Market Authority real estate ownership framework. Compliance controls for real estate investment funds and ownership structures.
SAMA ITGF
449 controlsSaudi Arabian Monetary Authority IT Governance Framework. IT governance controls covering strategy, risk, and performance management.
Ready to see COS
in action?
Schedule a walkthrough with our team. We’ll show you how COS maps to your specific regulatory requirements.
Get in touch