Frameworks Library
The Frameworks Library is the catalogue of every compliance framework available on the platform. A framework defines the set of requirements — controls, articles or clauses — that an audit measures against.
Governy is a multi-framework platform: each audit follows one framework, but your organisation can run many audits side by side, each under a different framework. The platform tailors its charts, sections, scoring and navigation to whichever framework an audit uses.
Supported frameworks

| Framework | Description |
|---|---|
| CyFun | Belgian Centre for Cybersecurity framework, with maturity scoring across five categories |
| NIS2 | EU Network and Information Security Directive 2 |
| ISO 27001:2022 | International information security management standard, with two journeys (Clauses + Statement of Applicability) |
| DORA | EU Digital Operational Resilience Act |
| RGPD / GDPR | EU General Data Protection Regulation |
| Custom | Frameworks your organisation defines itself |

Administrators can add or update frameworks at any time from Settings.
Browsing and exploring
The library lists every installed framework with its name, description, number of requirements and whether it’s currently in use. Open a framework to explore it in full: its description and version, its scoring scale, any maturity or theme groupings, and the complete tree of domains, sub-domains and individual controls — useful for sizing up a compliance effort before you begin.
How a framework shapes an audit
Once an audit is created, its framework is fixed for its lifetime and determines:
- The sections available — for example, ISO 27001 adds a Statement of Applicability, while GDPR focuses on articles.
- The charts on the overview — a compliance donut for everyone, plus domain bars, a radar, a GDPR breakdown or a CyFun heatmap where relevant.
- The scoring scale — each framework brings its own range and result labels, and the assessment form adapts to match.
- Requirement groupings — some frameworks split requirements by maturity level or theme, with a switcher to move between them.
- Applicability decisions — frameworks like ISO 27001 let you mark controls in or out of scope.
- Control badges — highlights such as “New 2022” for the controls added in ISO 27001:2022.

Custom frameworks
Your organisation can define its own framework, capturing its name and version, scoring scale, any groupings and the full requirement hierarchy. Once added it appears in the library and can be chosen for new audits — delivering full assessment, evidence, documentation, planning and approval functionality with no technical work required.
Who can do what

| Action | Admin | Domain Manager | Analyst | Approver | Auditee | Reader |
|---|---|---|---|---|---|---|
| Browse the library | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| View framework details | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |
| Add / remove a framework | ✓ | ✗ | ✗ | ✗ | ✗ | ✗ |