LogoLogo
  • Guide
    • Introduction
    • Setup
    • CloudQL
    • Compliance
    • Key Terminology
    • Running Audits
    • Embed Compliance Checks in Pipelines
  • Advanced
    • Controls
      • Controls with Inline Policy
      • Controls with References Policies
      • Policies
      • Summary
    • Control Groups
    • Framework
    • Product Architecture
  • advanced-setup
    • Deploy on DigitalOcean / Linode
    • Deploy to AWS
    • Single Sign-On
    • Production Hardening
  • Platform
    • FAQ
Powered by GitBook

© 2025 open governance Inc.

On this page
  1. Advanced

Control Groups

Control Groups in OpenComply help you organize your compliance checks. Think of them like folders in a filing cabinet, grouping similar checks together. This makes it easier to understand, manage, and report on your compliance.

For example, a SOC 2 framework might have Control Groups like "Security," "Availability," "Confidentiality," and "Privacy." The "Security" group could contain checks for access control, data encryption, and vulnerability management.

Control Groups can be nested (like folders within folders) for even better organization. So, "Security" might have a subgroup called "Network Security."

OpenComply's flexible, YAML-based system allows you to define Control Groups directly within a framework or reference groups (or even entire frameworks) defined elsewhere. This lets you build complex, hierarchical structures to model your specific compliance needs.

PreviousSummaryNextFramework

Last updated 22 days ago