Compliance

Compliance in LeanIX SMP helps you to determine compliance exposure and mitigate risks in your services. Compliance provides an overview of all your services to ensure compliance with certain regulatory requirements. In Compliance, you can:

  • Track whether discovered SaaS has been approved by your security team
  • Discover and track services in your SaaS stack to ensure compliance with GDPR, SOC2, and other regulatory requirements
  • Remove security threats, secure access to your data, and eliminate the risk of unauthorized access

How it works

The Compliance tab presents an overview of the compliance status of your services.

LeanIX SMP supports several compliance certificates such as CCPA, GDPR, ISO 27001, PCI, and SOC2. To enable the compliance option, go to Settings, click Compliance, and enable the types of compliance standards you would like to track for your services.

On the service level, you can now enter information for the compliance standards you enabled, using a simple form as shown below. If all are enabled, you can add information for:

  • Has the service been approved by the security team within the company?
  • CCPA compliance state
  • GDPR compliance state
  • ISO 27001 compliance state
  • PCI compliance state
  • SOC2 compliance state

Who can access Compliance

User access is enough to view the Compliance tab. To fill out the compliance status per service, admin or department admin permissions are needed.

Proof of compliance with attachments

Some compliance standards come with attachments that confirm the service is compliant. We suggest adding these attachments on the Attachments tab at the service level to keep track of this documentation.