The heatmap
Each cell in the heatmap is one requirement × one framework. The colour is the status:
Reading the heatmap horizontally tells you about cross-framework overlap. A red row across all three frameworks means closing that single requirement closes three gaps at once.
Gap analysis
The gap analysis is the heatmap pivoted: list of all open gaps, sorted by remediation impact.Sort options
What “impact” measures
A single requirement’s impact iscount of frameworks affected × max severity. So an EU AI Act high-severity gap that also fails NIST and ISO 42001 outranks an isolated low-severity gap, even if the latter looks scarier individually.
Reading the heatmap
1
Start with the rows
Sort by severity descending. The top rows are the most painful gaps.
2
Look at the row's colour pattern
A row red across all three columns is high-leverage. A row red in one column only is framework-specific.
3
Click the cell
Each cell drills into the requirement detail — backing controls, current evidence, what’s missing.
4
Take action
Either provide manual evidence, schedule an assessment, or fix the underlying telemetry/policy that drives the control.
Exporting
Both views support PDF and CSV export. The exported gap analysis is the format most GRC teams paste into their tracking tool.Related resources
Evidence
The mechanism for closing manual-evidence gaps.
Compliance overview
Per-framework views the heatmap aggregates.

