Compliance reporting

Native export to common GRC platforms. Pre-built reports for SOC 2, ISO 27001, NIST CSF, PCI DSS, DORA, and DORA RTS expectations.

Awareness training appears as a control requirement in nearly every major information-security framework. The specific evidence each framework expects varies, and GRC teams spend significant time translating between the platform's native reporting and each framework's evidentiary requirements.

GetCheckmark's compliance reporting layer ships pre-built reports for six frameworks: SOC 2 (Trust Services Criteria CC1.4 and CC2.2), ISO 27001:2022 (Annex A.6.3 and A.6.5), NIST CSF (PR.AT-1 through PR.AT-5), PCI DSS v4.0 (Requirement 12.6), DORA (Article 13 Section 6 and the relevant RTS), and GDPR Article 32.

Each report can be exported as PDF, structured data (CSV/JSON), or pushed directly to GRC tooling (Archer, ServiceNow GRC, Diligent, OneTrust) via native connectors.

Custom framework mapping is supported for clients with sector-specific or internal frameworks. We work with the GRC team to build the mapping, validate it against the underlying control set, and deploy it to the tenant.

Typical deliverables

  • Pre-built reports for SOC 2, ISO 27001, NIST CSF, PCI DSS, DORA, GDPR
  • Native GRC tool connectors (Archer, ServiceNow GRC, Diligent, OneTrust)
  • Custom framework mapping for sector-specific or internal frameworks
  • Time-bound evidence packs aligned to audit periods
  • Continuous-evidence mode (for SOC 2 Type II and similar)

Engagement model

Included in the standard platform subscription. Custom framework mapping is a professional-services scope; typical effort is two to four weeks per framework.

Get in touch

To discuss whether this service is a fit for your organisation, contact us at team@getcheckmark.com or use the contact form.