Learning Guide · 5 chapters

GRC Frameworks 101

A structured introduction to compliance frameworks: what they are, why organisations adopt them, and how to map your controls across multiple frameworks at once. Covers ISO 27001, NIST CSF 2.0, and multi-framework strategy.

  1. What is a Compliance Framework?
    Defines what a framework actually is, the components every framework has in common, and why organisations adopt them in the first place.
  2. Choosing a Framework for Your Organisation
    A decision tree for picking the right starting framework based on industry, region, customer pressure, and organisational maturity.
  3. A Tour of ISO 27001
    The structure of ISO 27001:2022 — the management-system clauses, the four Annex A themes, and how the section hierarchy is represented in Blankitt.
  4. A Tour of NIST CSF 2.0
    The six functions of NIST Cybersecurity Framework 2.0, what makes it different from a certification framework, and how to use it as a programme structure.
  5. Multi-Framework Mapping
    How a single Blankitt control can satisfy requirements in ISO 27001, SOC 2, NIST CSF, and Cyber Essentials simultaneously — and why that makes a multi-framework programme cheaper than the sum of its parts.