COSBlogCareersContact
The Compliance Operating System

One platform for every
compliance requirement.

COS replaces spreadsheets, disconnected tools, and manual processes with a unified compliance workspace. Map controls, collect evidence, manage risks, and run audits — all in one place.

Get in touchSee frameworks
Platform overview

Built for how compliance
actually works.

Compliance isn’t a one-time project. It’s a continuous process of mapping requirements, gathering evidence, assessing risks, and preparing for audits. COS is designed around this reality.

01

Map

Connect your controls to SAMA CSF, NCA ECC-2, PDPL, and ISO 27001. See exactly where you stand against every requirement.

02

Collect

Upload evidence, automate collection via API, and maintain a tamper-proof record. Every artifact is versioned and traceable.

03

Monitor

Track compliance posture in real time. Risk scoring, gap analysis, and automated alerts keep you ahead of issues.

04

Audit

Give auditors a dedicated workspace. Streamline the entire lifecycle from planning through findings to closure.

Core capabilities

Everything you need,
nothing you don’t.

01

Control Framework Manager

Map organizational controls to multiple frameworks simultaneously. Track implementation status, identify gaps, and generate compliance scorecards across SAMA CSF, NCA ECC-2, PDPL, and ISO 27001.

Multi-framework mappingGap analysisCompliance scoringRequirement tracking
02

Evidence Locker

A tamper-proof repository for all compliance artifacts. Gather evidence automatically through integrations with cloud providers, HR platforms, identity providers, and other systems — or upload manually. Every document is versioned, tagged to specific controls, and tracked with expiry alerts.

Automated gatheringSystem integrationsVersion historyExpiry alerts
03

Risk Register

Identify, score, and track risks with treatment plans. Quantify exposure with heat maps, link risks to controls, and monitor remediation progress across your organization.

Risk scoringHeat mapsTreatment plansControl linkage
04

Audit Workspace

A dedicated environment for internal and external auditors. Review controls, request evidence, issue findings, and track remediation — all within a structured workflow.

Auditor portalFinding managementEvidence requestsLifecycle tracking
05

Reporting & Dashboards

Executive dashboards, framework-specific reports, and audit-ready exports. Get a real-time view of your compliance posture with data you can share with boards and regulators.

Executive dashboardsFramework reportsAudit exportsReal-time posture
06

Multi-organization Management

Purpose-built for audit firms and enterprise groups. Manage multiple entities, compare compliance posture across organizations, and run parallel assessments from a single workspace.

Multi-tenantCross-org comparisonParallel assessmentsCentralized oversight
Framework support

Native support for every
major Saudi framework.

SAMA CSF

198 controls

Saudi Arabian Monetary Authority Cybersecurity Framework. Full control mapping with domain-level gap analysis.

NCA ECC-2

114 controls

National Cybersecurity Authority Essential Cybersecurity Controls. Structured requirements with implementation guidance.

PDPL

47 controls

Personal Data Protection Law. Data processing requirements, consent management, and cross-border transfer controls.

ISO 27001:2022

93 controls

International information security standard. Annex A controls with Statement of Applicability support.

SAMA ITGF

52 controls

Saudi Arabian Monetary Authority IT Governance Framework. IT governance controls covering strategy, risk, and performance management.

CMA

38 controls

Capital Market Authority regulatory framework. Compliance controls for capital market participants and listed entities.

Ready to see COS
in action?

Schedule a walkthrough with our team. We’ll show you how COS maps to your specific regulatory requirements.

Get in touch