Set each control’s status
Mark every control as full, partial or none, with anything untouched left as unknown. Each control carries its own status and a note describing the gap, so the state of a requirement is explicit, not implied.
Set each control to full, partial or none and devguard rolls it up into an overall coverage percentage and a per-framework breakdown. Open gaps show up control by control as you work, so you find them with months to fix them instead of in the two weeks before an audit.
Coverage is the sum of where each control stands. You set the status; the percentages and the gaps follow.
Mark every control as full, partial or none, with anything untouched left as unknown. Each control carries its own status and a note describing the gap, so the state of a requirement is explicit, not implied.
devguard counts your control statuses into an overall coverage percentage and a percentage per framework. ISO 27001, SOC 2 and GDPR each show how complete they are from the same control set, with full counts of covered, partial and uncovered controls.
Open gaps surface control by control as you go, not as a single number at the end. You see exactly which requirements are partial or uncovered while there’s still time to act on them.
Because every control’s status is live, an uncovered requirement is visible the day it falls behind, so the gap list arrives months before the audit instead of in the final fortnight.
Four choices behind how coverage works here, each one something you can check.
Each control is full, partial, none or unknown, so coverage is a count of real states rather than an estimate.
Each framework shows its own coverage percentage drawn from the same controls, so adding a standard reuses what’s already mapped.
An uncovered or partial control shows up individually, with a note describing the gap, instead of hiding inside a single percentage.
Controls you haven’t assessed are flagged as unknown rather than counted as covered, so the percentage doesn’t flatter you.
Hosted in Switzerland by default, in German and English, with on-premise possible. Your data and evidence are yours and exportable in full at any time, with no lock-in.
Coverage is the roll-up of everything else. It reads from your controls, the policies that satisfy them, the audits that test them and the reports you share, all in the same workspace.
Coverage rolls up the control set every framework shares.
A published policy moves the controls it covers forward.
Close the gaps coverage surfaces before the audit.
Export coverage and gaps as a PDF to share.
They’re the status of each control. Full means the control is met, partial means it’s underway, and none means it’s a gap. Controls you haven’t assessed yet stay unknown, so they’re never silently counted as covered.
Yes. You get an overall coverage percentage and a separate percentage for each framework, drawn from the same control set, so ISO 27001, SOC 2 and GDPR each show how complete they are without you maintaining a separate tracker per standard.
Yes. Gaps show up control by control, each with a note describing what’s missing, rather than rolling into a single number. You can see precisely which requirements are partial or uncovered while there’s still time to fix them.
A coverage spreadsheet is a snapshot someone updates by hand before the audit, so it’s only as current as the last person to touch it. Here, coverage is computed live from each control’s status, rolls up per framework, and surfaces gaps by control as they happen, so the picture is current the day you open it, not the week before the deadline.
Swiss-hosted by default, in German and English, with on-premise possible. Your control statuses, coverage and gaps are yours and exportable at any time, so there’s no lock-in.
Set each control’s status once and watch coverage roll up per framework, with open gaps surfaced by control months before the audit instead of the week before.