GuardsArm Compliance Software
Controls, evidence, audits, and risk in one place
Manage your entire compliance program — US, international, and Canadian frameworks — from a single platform. Control mapping, continuous evidence collection, policy management, and audit workflows.
Capabilities at a glance
The platform handles the operational work of compliance — control management, evidence, policies, risk, audits — so your team can focus on the parts that actually require judgement.
Control library and mapping
Implement a control once and map it across every framework it satisfies. Built-in mappings between SOC 2, ISO 27001, HIPAA, NIST 800-53, PCI DSS, and the Canadian privacy and health regimes.
Evidence management
Central repository for policies, screenshots, audit reports, and system-generated evidence. Versioned, time-stamped, and linked to the controls and frameworks they support.
Continuous monitoring
Automated checks pull evidence from cloud accounts, identity providers, code repositories, and ticketing systems so control status reflects current reality, not last quarter’s screenshot.
Risk register
Track risks, owners, treatment plans, and residual scoring. Link risks to controls and frameworks so risk treatment progress is visible alongside compliance posture.
Policy library
Starter policy templates for common programs (acceptable use, access control, incident response, vendor management) with version control, approval workflows, and attestation tracking.
Vendor and third-party risk
Onboard vendors, send questionnaires, collect responses, score risk, and track remediation. Reuse vendor assessments across frameworks that all care about supply chain risk.
Audit workflow
Bundle evidence into audit-ready packages by framework or by control. Track auditor requests, exceptions, and remediation in a single timeline. Export packages auditors actually want.
Framework dashboards
A live view of compliance posture per framework, with drill-down to control status, evidence freshness, gaps, and assigned owners. Suitable for board and management reporting.
Frameworks supported
Built-in coverage for the regulations and customer-driven frameworks Canadian and cross-border organizations most often face — with the mapping done for you.
US and international
- SOC 2 (TSC)
- ISO 27001
- HIPAA Security
- PCI DSS
- NIST 800-53
- GDPR
Canadian
- PIPEDA
- Quebec Law 25
- BC PIPA
- Ontario PHIPA
- Alberta HIA / FOIP / Reg 84/2024
- Manitoba PHIA
- Saskatchewan HIPA
- OSFI B-13
- ITSG-33
- CCSPA (Bill C-8)
- CASL
- FINTRAC / PCMLTFA
- SOX / CSOX (NI 52-109)
Need a framework not listed? The control engine is framework-agnostic — we can add custom catalogues during onboarding for industry-specific or contractual requirements.
How a program runs on the platform
The same workflow our consultants use when they run compliance programs for clients.
Pick the frameworks that apply
Tell us which regulations and customer-driven frameworks you operate under. The platform pulls the right control catalogues and starts the mapping.
Implement controls once
Document controls in plain language, attach owners, and let the mapping engine satisfy related requirements across other frameworks automatically.
Collect evidence continuously
Connect data sources — cloud accounts, IdP, ticketing, repos — and let the platform pull evidence on a schedule instead of relying on quarter-end fire drills.
Walk into audits prepared
Hand auditors an organized evidence package by framework, with clear answers to control questions and a track record of remediation.