Compliance readiness in Nuxari
Understand what compliance readiness means in Nuxari, the two workspace types, and how Nuxari supports SOC 2 and ISO 27001 program building.
Last updated: June 2026
What compliance readiness means
Compliance readiness in Nuxari is the ability to demonstrate that your organization has documented controls, collected supporting evidence, assessed and treated risks, approved policies, and reviewed access — all tracked in a structured, auditable way.
Readiness is not a certification. A certification requires an external audit by an accredited third party. Nuxari helps you organize, operate, and evidence the work that leads to a successful audit. The platform does not issue or guarantee certification outcomes.
Two compliance workspace types
There are two distinct compliance contexts in Nuxari:
- Nuxari internal compliance program. This is the program Nuxari itself operates to build its own SOC 2 and ISO 27001 readiness. Nuxari is actively working towards formal certification. This program is internal to Nuxari and not accessible to customers.
- Client tenant compliance workspace. This is the compliance module available inside your own Nuxari tenant. Customers use it to build, operate, and evidence their own SOC 2 or ISO 27001 compliance programs. Your data, your controls, your evidence — fully isolated to your organization.
Nuxari's own compliance program
Nuxari is building towards SOC 2 Type II and ISO 27001 certification. We are not yet formally certified. We are operating the internal controls, gathering evidence, and preparing for external audit engagement. Certification reports will be shared with customers when external audits are completed and reports are available.
For information about Nuxari's security practices, visit the Nuxari Trust Center.
Compliance readiness topics
- SOC 2 readiness. How Nuxari maps to Trust Services Criteria for SOC 2 Type I and Type II programs.
- ISO 27001 readiness. ISMS scope, Annex A control mapping, and how Nuxari supports your ISO 27001 program.
- Built-in control library. Controls mapped to SOC 2 and ISO 27001, with statuses driven by collected evidence.
- Evidence collection. Evidence types, lifecycle, expiration, and role-based collection.
- Policy center. Policy lifecycle from draft to approved, and how approved policies unlock control readiness.
- Risk register. Risk management, treatment options, and how unresolved high risks block control readiness.
- Vendor register. Vendor risk management, DPA tracking, and subprocessor oversight.
- Access reviews. Quarterly user reviews, privileged access reviews, and how completed reviews generate evidence.
- Audit packages. Export controls, evidence, and exceptions for external auditors.
- Compliance roles and permissions. Which roles have access to the compliance module and what they can do.
- Troubleshooting. Resolve blocked controls, export failures, policy approval issues, and more.