How do I keep track of compliance status?
Quick answer
Section titled “Quick answer”You read the compliance status directly off the module’s two lists: under Policies, you see each entry’s framework and status (Draft, Active, Review, Archived); under Risks, the risk level and review date. This gives you an at-a-glance view of which requirements are active, which are up for review, and which risks are critical. For metrics that span tiers, fetch the lists via the API and evaluate them yourself.
Prerequisites
Section titled “Prerequisites”Compliance is a Pro feature. There is no dedicated “status” report — the evaluation happens through the existing lists and their filters.
Instructions
Section titled “Instructions”-
Review policies by status/framework. Open Compliance → Policies. The list shows each policy’s framework, reference ID, and status. Watch for entries with the status Review — they’re due for review — and drafts, which aren’t yet in effect.
Screenshot pendingcompliance-status-01Policy list filtered by framework ISO 27001, with a status columnEvaluating policies by framework and status. -
Review risks by level and review date. Switch to the Risks tab. The list is sorted by creation date and shows risk level, likelihood, impact, and review date. This lets you find critical and high risks, as well as assessments whose review date is overdue.
Screenshot pendingcompliance-status-02Risk list with Risk Level and Review Date columns, critical risks highlightedEvaluating risks by level and due review date.
For metrics, fetch the full lists and evaluate them client-side. Both endpoints return every entry for your tenant.
curl -H "Authorization: Bearer inv_dein_token" \ https://demo.notory.io/api/v1/compliance/policiesExample: counting the share of active policies per framework (using jq):
curl -s -H "Authorization: Bearer inv_dein_token" \ https://demo.notory.io/api/v1/compliance/policies \ | jq 'group_by(.framework)[] | {framework: .[0].framework, gesamt: length, aktiv: (map(select(.status=="active")) | length)}'Find due risk reviews (review date in the past):
curl -s -H "Authorization: Bearer inv_dein_token" \ https://demo.notory.io/api/v1/compliance/risks \ | jq --arg heute "$(date +%F)" \ 'map(select(.review_date != null and .review_date < $heute))'What happens behind the scenes?
Section titled “What happens behind the scenes?”- No aggregate endpoint: The Compliance module returns raw lists, not a ready-made status metric. You evaluate them through filters (GUI) or the list response (API) — which keeps it flexible and precise.
- Your tenant only: Both lists are scoped to your tenant; metrics never mix in data from other tenants.
- Sorting: Policies come sorted by title, risks by creation date (newest first).
- Status as a maturity level: The policy status (
draft→active→review→archived) is the key lever for audit preparation: “How many controls are active?” is answered directly from it.
Related topics
Section titled “Related topics”- What does the Compliance module cover?
- Add and assess a policy
- Assess and treat a risk
- Reports — free-form evaluations across your own object types