The main focus for the compliance capabilities is to track Internal, External, or Third-Parties (such as customers) Audit activities and related findings. Having a common repository, that allows the organization to track and remediate the technical or operational gaps outlined by these findings.

Audit activities include as well the development of an annual plan that can simplify the audit process throughout the year, preventing redundant tasks.

The use of a regulatory mapping process will help the organization to organize and simplify by control the evidence that each capability or process generates, and store it on the Risk Registry (Information Services Domain)