
Extensibility

Governy comes ready to use for the regulatory frameworks most organisations need today — and adapts to your own with minimal effort. You are never locked into a fixed list.

Built for the frameworks you already use

Out of the box, Governy includes full support for:

| Framework | Coverage |
| --- | --- |
| ISO 27001:2022 | ISMS Clauses 4–10 and a Statement of Applicability for all 93 Annex A controls, including the 11 controls new in the 2022 revision |
| GDPR | Full General Data Protection Regulation assessment journey |
| DORA | Full Digital Operational Resilience Act assessment journey |
| NIS2 | Network and Information Security Directive (EU) 2022/2555 — full assessment journey |
| CyFun | Belgian Centre for Cybersecurity framework, with maturity scoring |
| Custom | Any framework your organisation defines itself |

Each built-in framework comes with a workspace tailored to it: the right sidebar navigation, the right requirement groupings, and the progress metrics that make sense for that specific standard.

Adding a custom framework

Organisations that need to assess against internal standards, sector-specific regulations or partner-defined frameworks can add them to Governy without rebuilding the platform. The process has three steps:

  1. Describe your framework: Capture the requirements, their hierarchy and their groupings in a structured definition that Governy imports directly.

  2. Choose the experience: Use the default workspace as-is, or have a custom UI module built for a more tailored experience (see below).

  3. Start auditing: Once added, the new framework appears in the Framework Library and can be chosen when creating an audit. Every existing capability — assessment scoring, evidence management, approval workflows and report generation — works with it immediately.

Default UI, or a custom UI module

Any framework can be used in Governy — including ones you define yourself. What differs is only how tailored the audit experience is:

  • Default UI (works out of the box) — every framework you add immediately uses the standard workspace and a default set of statistics: requirement-by-requirement assessment, evidence, tasks, planning, approvals and reporting. No development is required, and this is enough for most frameworks.
  • Custom UI module (optional, for a perfect fit) — when a framework benefits from a more specific experience, a dedicated UI module can be built for it. The module shapes the navigation journeys, the sidebar, the progress indicators and the statistics shown on the overview — so the audit looks and behaves exactly the way that framework demands. This is precisely how the built-in ISO 27001, GDPR, DORA, NIS2 and CyFun experiences are delivered: each is a UI module on top of the same engine.

In short: start with the default UI for any framework, and add a custom UI module whenever you want the experience purpose-built for it.

What a custom framework defines

Each framework independently shapes the audit experience along these lines:

  • Navigation journeys — one or more assessment paths within the same framework (for example, ISO 27001 has separate journeys for the ISMS Clauses and the Statement of Applicability)
  • Sidebar structure — which sections appear in the audit sidebar for this framework
  • Completion metrics — which progress indicators appear on the audit overview
  • Control groupings — let reviewers filter requirements by group (for example, technical vs. organisational controls)
  • Applicability toggles — enable per-control in-scope / out-of-scope declarations, as used in the ISO 27001 SoA

No lock-in

Each framework is maintained independently of the others. When a regulation is updated — as ISO 27001 was in 2022 — that framework can be revised on its own, without affecting any other framework or any existing audit data. Your historical audits stay exactly as they were.