The Complete Security Assessment & Compliance Platform
45 frameworks, 14 connectors, 6 GRC modules, cross-framework mappings, certification campaigns, evidence vault, continuous compliance engine with drift detection — in one platform.
Multi-Framework Assessment Engine
45 cybersecurity, AI governance, and cloud compliance frameworks. 8-stage workflow with task boards, PDF reports, and multi-user collaboration.
45 Frameworks
IRAP, Essential Eight, NIST CSF 2.0, ISO 27001:2022, SOC 2, PCI DSS 4.0, GDPR, DORA, NIS2, HIPAA, CIS v8, CMMC 2.0, 10 AI governance, and more.
8-Stage Workflow
CREATED → PLANNING → IN_PROGRESS → REVIEW → REMEDIATION → VALIDATION → COMPLETED → ARCHIVED with task boards and approvals.
AI Gap Analysis
Claude API analyses control responses, identifies gaps, suggests remediation steps, recommends compensating controls, and highlights evidence to collect.
PDF Reports
One-click export: executive summary, control-level findings, risk heatmap, remediation roadmap. Branded with organisation logo.
Team Collaboration
Assign controls to team members, set due dates, track completion. Real-time progress dashboard with per-assessor metrics.
Analytics Dashboard
Compliance trend lines, framework comparison, risk distribution charts. Track maturity improvement over time.
Agentless Cloud Security Checks
26 automated compliance checks against Entra ID, AWS IAM, Okta, and Google Workspace. Scheduled runs, auto-created findings, evidence auto-collection.
Entra ID — 8 Checks
MFA status, stale accounts, guest access review, Conditional Access coverage, privileged role assignments, PIM eligibility.
AWS IAM — 8 Checks
Root account MFA, access key rotation, unused IAM users, S3 policies, CloudTrail, password policy compliance.
Okta — 5 Checks
MFA enrollment, inactive users, admin role review, password policy audit, application assignment compliance.
Google Workspace — 5 Checks
2SV enforcement, drive sharing, admin roles, MDM, third-party app access.
Internal Checks
Evidence freshness, compliance regression, access review currency, privileged audit, config drift detection.
Scheduled & Auto-Stored
Daily/weekly/monthly runs. Findings auto-create. Results stored as versioned evidence mapped to controls.
Audit-Ready Evidence Lifecycle
Continuously collects, versions, and maps evidence to controls — ready in minutes, not weeks.
6 GRC Modules — Included Free
Full CRUD, org isolation, stats dashboards, create modals. No add-on fees.
Risk Register (FAIR)
5×5 matrix. SLE × ARO = ALE. Mitigate, Accept, Transfer, Avoid. Auto-generated risk IDs.
Vendor Risk (VRM)
SOC 2/ISO/GDPR/DPA status per vendor. Risk scoring, review cadence. Competitors charge $5-15K/yr extra.
Policy Library
Version-controlled policies mapped to controls. Draft → Review → Published → Retired.
Compliance Calendar
Certification renewals, audit windows, deadlines. Overdue highlighting, recurrence scheduling.
AI Gap Analysis
Claude API: maturity scoring (0-5 CMM), effort/cost estimates. AI findings with transparency icon.
Security Training
Mapped to ISM-0252, NIST AT-2. Pass/fail, phishing sims, completion as evidence.
5-Stage Access Certification Workflow
Automated stage progression with email notifications to owner and certifier at every stage.
5 Email Notifications
Activation, reminder, due, overdue, completion. Branded HTML with stage progress bars.
Configurable Day Windows
Set per-stage day limits. A daily scheduler (6 AM) auto-progresses stages. SoD violation detection.
Rubber-Stamp Detection
Identify auto-approvers. Bulk certify/revoke. Compensating controls for exceptions.
Data Privacy & Consent Management
GDPR Article 30, Privacy Act/APP, ISO 27701 ready.
Data Registry (ROPA)
Classification, legal basis, storage, retention, cross-border tracking.
Consent Records
Purpose, method, version, IP, expiry, withdrawal. 9 consent methods.
Subject Requests
Access, erasure, portability, rectification. 30-day SLA tracking.
Breach Incidents
10 types, 72h authority notification, cross-border impact assessment.
Assess Once, Comply With Many
45+ pre-verified mappings. Coverage percentages and strength indicators.
DORA & NIS2 — Built In
24 DORA controls + 16 NIS2 controls. Cross-mapped to ISO, NIST, PCI DSS, GDPR.
Continuous Compliance Engine — Never Scramble for an Audit Again
Activitee doesn't just assess your compliance at a point in time — it monitors it continuously. Your compliance posture is scored every hour, evidence expiry is tracked automatically, and drift is detected before your auditor finds it.
Compliance Pulse Score
A real-time 0–100 score per framework, updated hourly. Watch compliance improve over time with trend tracking and board-ready dashboards.
Evidence Lifecycle
Every piece of evidence has a validity window. Activitee tracks expiry, sends renewal reminders, and auto-creates tasks — so nothing slips through the cracks.
Drift Detection
Detects when compliance drifts: expired evidence, overdue training, degraded controls, offline connectors. Alerts are severity-graded and actionable.
Auto-Remediation
When evidence expires, linked controls auto-degrade. When training lapses, ISM-0252 and NIST AT-2 controls are flagged. Critical alerts escalate after 7 days.
Posture Dashboard
One screen shows overall score, framework-level breakdown with trends, evidence health bar, training compliance, and active drift alerts. CISO-ready.
Assess Once, Comply Many
Evidence collected for one framework automatically satisfies overlapping controls in others — saving up to 35% effort for multi-framework organisations.
OT, ICS & Critical Infrastructure — 9 Frameworks, 165 Controls
Purpose-built assessment support for energy, utilities, manufacturing, and critical infrastructure.
IEC/ISA 62443
Gold standard for IACS. Zones, conduits, Security Levels SL 1-4. Asset owners, integrators, suppliers. 5 domains, 23 controls.
NIST SP 800-82 Rev 3
Guide to OT Security (2023). ICS, SCADA, DCS, PLCs, safety systems. Maps to NIST 800-53. 5 domains, 17 controls.
NERC CIP
Mandatory for Bulk Electric System. CIP-002 to CIP-013: asset categorisation, ESP, supply chain. 10 domains, 26 controls.
AESCSF
Australian Energy Sector (AEMO). C2M2 + NIST CSF, mapped to ISM & Essential Eight. SP-1/2/3. 5 domains, 16 controls.
C2M2
US DOE maturity model (MIL 0-3). 10 domains for utilities, oil & gas, pipelines. Parent of AESCSF. 20 controls.
ISO/IEC 27019
Energy-utility extension of ISO 27002. Process control for electricity, gas, heat. 4 domains, 13 controls.
CISA CPGs
Voluntary baseline for US critical infrastructure. Outcome-focused, mapped to NIST CSF. 6 domains, 15 controls.
SOCI Act / CIRMP
Australian mandatory CIRMP for 11 sectors. Accepts NIST CSF, AESCSF, ISO 27001, Essential Eight. 6 domains, 17 controls.
MITRE ATT&CK for ICS
Adversary behaviour model for OT. Threat-informed assessments, purple-teaming. 5 tactics, 18 controls.
Your Entire Identity Ecosystem
Bidirectional connectors for identity aggregation and compliance monitoring.
Active Directory
Users, groups, OUs via LDAP/LDAPS.
Entra ID
Graph API: users, groups, roles, MFA.
Okta
Users, groups, apps, factor enrollment.
Google Workspace
Admin SDK: users, groups, 2SV, licenses.
OpenLDAP
Standard LDAP with TLS support.
AWS IAM
Users, roles, policies, access keys.
GCP IAM
Service accounts, roles, bindings via CRM API.
Azure IAM
RBAC assignments, managed identities.
Jira
Users, groups, project roles, permissions.
GitHub
Members, teams, repos, SSO identities.
SCIM 2.0
Slack, Zoom, Box, Salesforce. RFC 7644.
ServiceNow
Users, groups, roles, ITSM flows.
Webhook
HTTP + 4 auth methods. Custom endpoints.
CSV Import
Bulk import, auto-detect 40+ aliases.
Three Plans — No Per-Module Fees
All plans include all 6 GRC modules, Trust Center, certification campaigns, and privacy vault.
Starter
Professional
Enterprise
See It In Action
Book a personalised demo and see how Activitee can transform your compliance operations.