Custom Frameworks
Beyond built-in frameworks (NCA ECC, PDPL, CSCC), AIIA supports creating custom compliance frameworks for internal policies, industry standards, or regional regulations.
Creating a Custom Framework
- Navigate to Compliance → Frameworks → + New Framework
- Fill in framework details:
| Field | Description | Required |
|---|---|---|
| Code | Unique identifier (e.g., INTERNAL-IT-2027) | ✅ |
| Name | Framework name | ✅ |
| Name (AR) | Arabic name | Optional |
| Description | Framework purpose and scope | Optional |
| Version | Framework version number | ✅ |
| Issuing Body | Who issued the framework | Optional |
| Category | regulatory, standard, internal | ✅ |
Adding Requirements
Manual Entry
- Click + Add Requirement in the framework
- Enter the requirement code, title, and description
- Set the hierarchy level (domain, subdomain, control)
- Repeat for all requirements
Import from CSV
- Click Import → CSV
- Upload a CSV file with columns: code, title, description, parent_code
- Map the CSV columns to framework fields
- Review and confirm the import
Hierarchical Structure
Requirements support parent-child relationships:
Domain 1
├── Subdomain 1.1
│   ├── Requirement 1.1.1
│   └── Requirement 1.1.2
└── Subdomain 1.2
    └── Requirement 1.2.1
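A pre-import consistency check for a requirements CSV with the columns listed above (code, title, description, parent_code), catching duplicate codes, parents that do not exist, and parent chains that loop. This is an added example, not part of AIIA; the function name, the sample codes, and the three-level depth limit (domain, subdomain, control) are assumptions.

```python
import csv
import io

REQUIRED_COLUMNS = ("code", "title", "description", "parent_code")
MAX_DEPTH = 3  # assumption: domain -> subdomain -> control

def validate_requirements_csv(text):
    """Return a list of problems found in the CSV text; empty means consistent."""
    reader = csv.DictReader(io.StringIO(text))
    missing = [c for c in REQUIRED_COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        return ["missing column(s): " + ", ".join(missing)]
    errors, parent_of = [], {}
    for line_no, row in enumerate(reader, start=2):  # line 1 is the header
        code = (row["code"] or "").strip()
        if not code:
            errors.append(f"line {line_no}: empty code")
        elif code in parent_of:
            errors.append(f"line {line_no}: duplicate code {code}")
        else:
            parent_of[code] = (row["parent_code"] or "").strip()
    for code, parent in parent_of.items():
        if parent and parent not in parent_of:
            errors.append(f"{code}: parent_code {parent} is not defined in the file")
            continue
        # Walk up towards the root, stopping if a code repeats (a cycle).
        seen, node = [code], parent
        while node and node in parent_of and node not in seen:
            seen.append(node)
            node = parent_of[node]
        if node in seen:
            errors.append(f"{code}: parent_code chain loops back to {node}")
        elif len(seen) > MAX_DEPTH:
            errors.append(f"{code}: nested {len(seen)} levels deep, limit is {MAX_DEPTH}")
    return errors

# Constructed sample with a duplicate, an orphan and a two-node loop.
SAMPLE = """code,title,description,parent_code
D1,Domain 1,,
D1.1,Subdomain 1.1,,D1
D1.1,Subdomain duplicate,,D1
D1.3.1,Orphan,,D1.3
X,Loop a,,Y
Y,Loop b,,X
"""

if __name__ == "__main__":
    for problem in validate_requirements_csv(SAMPLE):
        print(problem)
```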
Cross-Framework Mapping
Custom frameworks can be mapped to built-in frameworks:
- Link custom requirements to NCA ECC, PDPL, or other standards
- Identify shared controls across frameworks
- Reduce duplicate compliance work
Versioning
When updating a framework:
- Create a new version rather than editing the existing one
- Active assessments continue on their original version
- New assessments use the latest version
Permissions
| Action | Manager | CAE | Admin |
|---|---|---|---|
| Create frameworks | ❌ | ✅ | ✅ |
| Edit frameworks | ❌ | ✅ | ✅ |
| Import requirements | ❌ | ✅ | ✅ |
| Delete frameworks | ❌ | ❌ | ✅ |
| Map controls | ✅ | ✅ | ✅ |