Log in
Features
Feature

Security Program (WISP)

Build your security program as a living system: scope, roles, policies, training, and incident readiness, connected to controls and evidence so it stays real.

Written security program, structured and exportable.

Workflow

How It Works

Evaluator-level mechanics behind this feature and how it becomes verifiable proof.

01
Structured WISP that links scope
Structured WISP that links scope, roles, policies, training, and incident readiness
02
Exportable program artifacts (PDF) with review
Exportable program artifacts (PDF) with review history
03
Designed to stay current with owners
Designed to stay current with owners and review schedules

Capabilities

At a Glance

Feature-specific context: outcomes, outputs, and where it fits.

Used For
SOC 2 • CMMC
Outcomes
Replace static docs with structured governance • Make program status reviewable • Export a WISP auditors can follow
Exports & Records
WISP export (PDF) • Review history
Technical Notes
Structured WISP that links scope, roles, policies, training, and incident readiness • Exportable program artifacts (PDF) with review history • Designed to stay current with owners and review schedules
Sharing and Controls
Pair outputs with Trust Center tiers so you control what’s shared and preserve access logs.
What you can show reviewers
Artifacts reviewers recognize, plus sample previews of structure.
Plans
Plan availability
FoundationsContinuousSecurity OpsResilienceCommand
See pricing and plan details.

Integrations

Connect systems to keep governance grounded

Integrations keep evidence and ownership tied to reality so governance stays defensible.

Browse Integrations

FAQ

FAQ

Common questions from buyers and reviewers.

What does a reviewer actually receive?
Common outputs include: WISP export (PDF); Review history.
Where does this feature fit?
Teams use it for SOC 2, CMMC. The goal is to reduce back-and-forth by tying work to evidence, approvals, and clear history.
What outcome should I expect?
Replace static docs with structured governance Make program status reviewable
Do you auto-share content externally?
No. Drafts and shared materials are human-reviewed. You control what's shared and what stays internal.
Next step
Want a walkthrough focused on this feature?
Bring a reviewer request. We'll map the workflow end-to-end.
Get a Walkthrough Browse modules
No obligation. We respond within one business day. No compliance guarantees.