Frameworks
Answer once. Every framework draws from it.
You assess against one canonical set of outcomes. Control frameworks (CAF, NIST, ISO) project from those outcomes; regulatory regimes (GDPR, ITAR, EAR…) switch on automatically from what data you declare, and attach their concerns at the right points of the journey. Read-only example — declare some data below to see it.
Read-only exampleDeclare your data
Regulatory regimes that switch on
Declare data above — regimes activate from what's in play. (Nothing activates by guesswork.)
Control frameworks (always on — they project from your outcomes)
The canonical outcome spine. All assessment outcomes are expressed against the CAF.
Crosswalks to the CAF outcomes via the six functions — no re-asking.
Annex A controls crosswalk to the same outcomes; certification view projects from them.
However a customer names their teams, an activated concern routes to the right owner via the function spine. One assessment; many framework views.