Everything you need for multi-framework compliance

A comprehensive platform covering DORA, NIS2, ISO 27001:2022, NIST CSF 2.0, SEC Cybersecurity Rules, NYDFS 23 NYCRR 500, and SOX IT Controls — with 96 cross-framework mappings, AI-assisted gap analysis, multi-entity group reporting, and predictive compliance analytics.

DORA Pillar 1 · NIST Identify · NYDFS 500.09

ICT Risk Management

Identify, assess, and mitigate ICT risks across your entire organisation. Build a comprehensive asset registry, map dependencies between critical functions and ICT services, and maintain full control over your risk posture.

Risk Heat Maps

Visual likelihood-impact matrices with automatic risk scoring and colour-coded severity levels.

Asset Registry

Catalogue all ICT assets with classifications, owners, and criticality ratings in one place.

Automated Scoring

Risk scores calculated automatically based on likelihood, impact, and control effectiveness.

Control Mapping

Link controls directly to risks and track their implementation status and effectiveness.

DORA Pillar 3 · NIST Detect & Respond · SEC 8-K Reporting · NYDFS 500.17

Incident Management

Classify, track, and report ICT-related incidents in line with DORA's strict timelines and SEC 8-K material incident disclosure requirements. From initial detection through root-cause analysis to supervisory notification — every step is documented and deadline-tracked.

Classification Wizard

Step-by-step incident classification against DORA's seven severity criteria.

Timeline Tracking

Automatic deadline calculation for initial, intermediate, and final notifications.

PDF Reports

Generate supervisor-ready incident reports with full audit trails at any point.

Deadline Alerts

Automated notifications before the 4-hour, 72-hour, and 30-day deadlines hit.

DORA Pillar 4 · NIST Govern · NYDFS 500.11

Vendor Management

Track ICT third-party providers, manage contracts, send assessment questionnaires, and monitor vendor risk scores. Vendors complete self-service assessments through a secure public portal — no login required.

Self-Service Assessments

Vendors fill out questionnaires via a secure public page — no account needed.

Contract Lifecycle

Track contract dates, renewal windows, and get alerts before expiry.

Vendor Scoring

Automated risk scoring based on assessment responses and contract terms.

Concentration Analysis

Identify over-reliance on single providers across critical business functions.

Regulatory Compliance

DORA RoI · SEC 8-K · NIST CSF · SOX ITGC

Regulatory Reporting

Generate ESA-compliant XBRL-CSV reports for all 15 Register of Information templates, SEC 8-K material incident disclosures, and framework-specific compliance evidence — including intra-group arrangements and branch reporting. Every export is validated and ready for supervisory submission.

15 RoI Templates

All Register of Information templates covered — third-party, intra-group, and branch arrangements.

XBRL-CSV & SEC 8-K

DORA exports validated against ESA taxonomies, plus SEC 8-K incident disclosure generation.

Board Reports

PDF exports for management board and risk committee briefings.

Audit Reports

Comprehensive audit-trail exports for internal and external auditors.

US Compliance

US Regulatory Frameworks

Beyond EU regulations, ComplyShield supports the major US cybersecurity and financial compliance frameworks — giving global institutions a single platform for cross-jurisdictional compliance.

NIST CSF 2.0

Full coverage of the NIST Cybersecurity Framework 2.0 with its six core functions — track maturity, map controls, and generate evidence across your entire cybersecurity programme.

Govern · Identify · Protect · Detect · Respond · Recover

SEC Cybersecurity Rules

Track SEC cybersecurity disclosure requirements including 8-K material incident reporting within 4 business days. ComplyShield monitors deadlines, helps draft disclosures, and maintains an auditable record of your reporting decisions.

8-K Filing · 4-Day Deadline · Materiality Assessment

NYDFS 23 NYCRR 500

Comprehensive support for the New York Department of Financial Services cybersecurity regulation — covering cybersecurity programme requirements, incident response plans, third-party security policies, and annual certifications.

Cybersecurity Programme · Incident Response · Third-Party Policies

SOX IT Controls

Track IT General Controls (ITGCs) for Sarbanes-Oxley compliance — access management, change management, computer operations, and programme development. Full audit trail for every control activity.

Access Management · Change Management · Audit Trail

Real-Time Oversight

Compliance Dashboard

A single pane of glass for your compliance posture. Monitor DORA pillar status, NIS2 requirements, NIST CSF maturity, SEC deadlines, risk trends, and incident frequency — all updated in real time.

DORA Pillar Status

Track compliance across all five DORA pillars with progress indicators.

NIS2 Compliance

Article-level tracking of NIS2 requirements mapped to your controls.

Risk Trends

Historical risk-score charts showing improvement or deterioration over time.

Incident Frequency

Monthly incident charts by severity and classification for trend analysis.

DORA Pillar 5 · NIST Respond · NYDFS 500.16

Information Sharing

Manage information-sharing arrangements as required by DORA's fifth pillar. Track which arrangements are in place, set review reminders, and maintain an auditable record of all sharing activities.

Arrangements Tracking

Record and manage all information-sharing arrangements with counterparties.

Review Reminders

Automated reminders to review and update sharing arrangements periodically.

Audit Trail

Full history of sharing activities for supervisory review and compliance evidence.

Advanced Capabilities

Differentiated features that go beyond basic compliance tracking.

🔗

Cross-Framework Mapping

96 pre-built mappings between DORA, ISO 27001:2022, NIST CSF 2.0, and NIS2. Comply once, propagate across frameworks automatically.

⚠️

7 ESA Classification Criteria

Automated incident classification using all 7 ESA criteria with configurable thresholds. Visual display of which criteria triggered "major" classification.

🚪

Exit Strategies

DORA Art. 28(8) exit plans for critical vendors with alternative providers, migration plans, testing tracking, and approval workflows.

Art. 30 Contract Checklist

17 DORA Art. 30 clauses with article references, suggested text templates, compliance scoring, and smart initialization based on vendor criticality.

📊

Business Impact Analysis

Map business functions to ICT assets and vendors, with RTO/RPO per function, financial impact assessment, and single-point-of-failure detection.

🏢

Multi-Entity Groups

Parent/subsidiary hierarchy for financial groups. Per-entity data scoping, group-level aggregation, and consolidated regulatory reporting.

🏛️

Board Oversight Evidence

Track board resolutions, framework approvals, and annual reviews per DORA Art. 5(2). Document management body oversight for regulators.

🤖

AI Gap Analysis

Upload existing policies and documents. AI-powered analysis identifies DORA article coverage, gaps, and suggested remediation actions.

🌍

5 Languages

Full interface in English, German, French, Italian, and Spanish. Per-user language preference with automatic locale switching.

See it in action

Schedule a demo and discover how ComplyShield covers EU and US compliance frameworks in a single platform.