ICP · The judgment layer

The Intelligent Compliance Platform

Your compliance posture, scored in real time. ICP reads every piece of evidence, scores every control, surfaces every gap and risk — and turns it into the report your auditor signs.

Compliance DashboardReal-time implementation status
ISO 27001:2022 · 93 controls
0COMPLIANCE
78
Verified
11
In progress
4
Not started
Progress by theme
Organizational
31/37
People
7/8
Physical
11/14
Technological
29/34

Other GRC tools store your evidence. ICP reasons over it — and tells you exactly where you stand.

Every artifact that enters Atlas Logic is read on arrival: classified, mapped to the controls it satisfies, checked for recency and authenticity, then scored. The output isn’t a folder of files — it’s a defensible position you can hand an auditor. // source of judgment

// 01 — Capabilities

What the platform does for you

Everything in your sidebar, working together: from a pile of evidence to a certifiable, continuously defensible posture.

01

AI Gap Analysis

Coverage percentage per theme and per framework, with the specific missing evidence and a prioritized remediation plan. Export to PDF for leadership or your auditor.

02

Control Scoring

Each control gets a 0–100 compliance score with strengths, weaknesses, gaps, and the reasoning behind it — explainable, not a black box.

03

Evidence Library

Uploads are auto-classified (policy / process / technical record), mapped to controls, and checked for 12-month freshness and authenticity on arrival.

04

Risk Assessment

A quantified risk register scored Critical through Very Low, each risk mapped to the controls that mitigate it and feeding straight into remediation.

05

CAPA / Tasks

Corrective and preventive actions generated from AI findings, assigned, tracked through to verification, and closed by your internal auditors.

06

AI Compliance Copilot

Ask the built-in copilot anything — what a control requires, where you’re exposed, what to fix next — grounded in your own evidence and framework data.

07

Multi-Framework Mapping

Map one control once — say, MFA — and satisfy it across ISO 27001, SOC 2, Cyber Essentials, and GDPR at the same time. Prove once, certify many.

08

Statement of Applicability

A living SoA that records what applies, what doesn’t, and why — with non-applicable controls cleanly excluded from your compliance math.

09

Audit Timeline

A chronological, tamper-evident feed of every action — evidence approved, controls updated, tasks verified — with an auditor portal for direct review.

// 02 — Frameworks

One platform, every framework you need

Run multiple frameworks side by side from a single evidence base. Add the next one without starting over.

Live
ISMS

ISO 27001:2022

93 controls · 4 themes

Organizational (37), People (8), Physical (14), Technological (34) — the full certification path from gap analysis to audit.

Live
Trust Services

SOC 2 Type II

74 Trust Services Criteria

Continuous evidence over the observation period, scored against Security and the criteria you select.

Live
UK NCSC

Cyber Essentials v3.1

77 requirements · “Evendine”

Five technical themes with per-org applicability — the fast path to UK public-sector and enterprise eligibility.

Coming Soon
EU Regulation

GDPR

Article 32 TOMs

Technical and organizational measures mapped to your ISMS, with DSAR and data-processing workflows.

Coming Soon
US NIST

NIST AI RMF

AI RMF 1.0 · 4 functions

The NIST AI Risk Management Framework for trustworthy AI — govern, map, measure, and manage AI risk across the system lifecycle, mapped alongside your existing security controls.

Coming Soon
AI Governance

ISO 42001

AI Management System

An AI governance framework for responsible AI — including governance of Atlas Logic’s own agentic features.

// 03 — Governed AI

Autonomous, but never unaccountable

ICP’s agents reason, recommend, and draft — but a person always holds the decision. Every output is traceable to its evidence.

A

Explainable by default

Every score and finding cites the evidence behind it, so an auditor can follow the AI’s reasoning end to end.

B

Human-in-the-loop gates

AI proposes remediations and CAPAs; your Security Manager or Internal Auditor approves, rejects, or revises before anything closes.

C

ISO 42001-aligned

Atlas Logic governs its own AI to the same standard it helps you meet — responsible AI, on the record.

AI
Evidence analyzedMapped to controls · scored · gaps surfaced
AI
CAPA draftedRecommendation generated from the finding
Human approvesSecurity Manager reviews & accepts
Auditor verifiesClosed on the immutable audit timeline
// 04 — The vertical integration for GRC

ICP doesn’t work alone

Judgment is only as good as the truth beneath it. ICP renders the decision; the Compliance Operating System supplies the continuous, verifiable signal it reasons over — one stack, no integration tax.

ICP · Judgment

Decides

Scores controls, finds gaps, assesses risk, drafts CAPAs, maps frameworks, and produces the audit-ready report.

FEEDS UPWARD
COS · Truth

Proves

Continuously collects telemetry from your real systems — the verifiable evidence ICP judges.

Competitors bolt a dashboard onto a pile of third-party connectors. Atlas Logic owns both layers, so the truth and the judgment never drift apart — and you get one defensible system instead of an integration project.

See how COS proves it →

See your posture, scored.

Connect your evidence and watch ICP read it, map it, and tell you exactly where you stand — in days, not quarters.