Thoropass is expanding the way you view and manage compliance controls by giving you the ability to view framework controls alongside our existing Unified Controls. This update is designed especially for teams that want more granular visibility into framework-specific requirements, without giving up the simplification and efficiently that Unified Controls and multi-framework tasks and action items provide.
Why This Matters
Thoropass’s Unified Controls helped streamline compliance for many clients by consolidating duplicative controls across frameworks. However, we recognize that enterprise compliance teams and auditors often prefer to work directly with the original framework controls they know and trust. Now, with our new Framework Controls view, you can:
See exactly how your compliance program maps to authoritative frameworks like HITRUST, SOC 2, or ISO 27001.
Report on framework-specific compliance more accurately.
Navigate your controls in a structure that mirrors the original regulatory or industry standard.
Key Capabilities
Switch Between Unified and Framework Views
A new toggle allows you to easily change how you view controls:
Unified View: The simplified, grouped controls you’re already familiar with.
Framework View: A breakdown of the original controls from each framework, shown individually.
Framework Controls Table
When in Framework View, the Controls table will display the following for each framework control:
Framework – The framework the control comes from (e.g., HITRUST, ISO 27001).
Control ID – The original framework ID (e.g., “A.5.1.1” or “PR.AC-1”).
Control Name – The framework’s official title for the control.
Description – A clear explanation of what the control requires.
Status – The current implementation status (i.e., Healthy, Needs Attention, In Setup, Not Started).
Related Unified Control – The Unified Control(s) this framework control contributes to.
Search and Filters
You can quickly search or filter framework controls using:
Control ID (Search)
Control name or description (Search)
Framework (Filter)
Framework Control Status (Filter)
Related Unified Control (Filter)
Status Summaries Across Two Key Views
Thoropass provides two places where you can monitor the health and progress of your controls—each offering a distinct perspective:
1. Controls Page: Overall Framework Control Status
At the top of the Controls page, you'll find a status summary showing the total number of framework controls in your program, broken down by their current state (Healthy, Needs Attention, In Progress, Not Started, No Health):
Note: These numbers represent a global view across all frameworks and do not change when filters are applied to the table below. They provide a quick-glance overview of your entire compliance environment at the framework control level.
2. Dashboard: Framework-by-Framework Health Insights
On the Dashboard, you can see a more detailed breakdown of control health for each individual framework (e.g., ISO 27001, SOC 2, HITRUST). This view is especially helpful if you manage multiple frameworks and want to assess readiness at the framework level.
Each framework card displays:
A program health bar segmented by control status.
The number of controls in each status (Healthy, Needs Attention, In Progress, Not Started, No Health).
An estimated readiness percentage (where applicable).
This view helps you focus your attention where it’s needed most—whether one framework is lagging behind or another is nearly complete.
Framework Control Details Page
When you click on a specific framework control from the Controls table, you’ll be taken to a Framework Control Details Page. Here’s what you can expect on this page:
Control Header
At the top of the page, you’ll see:
Framework Control ID – For example:
02001.09j1Organizational.124, which reflects the original control ID from the source framework.Control Name – The official title of the control (e.g., Controls Against Malicious Code).
Control Description – A detailed explanation of what the control is asking your organization to implement or maintain.
Control Status – A visual badge (e.g., Healthy, Needs Attention) that shows the real-time health of this individual control.
Action Items
Beneath the control description, you’ll find any Action Items linked directly to this control. Each Action Item includes:
A title and description of the required task.
Icons for frequency and due date configuration.
(Jira Sync is not currently supported from this view).
Note: Most Action Items are linked to multiple unified controls (across frameworks or unified controls), any updates (due date, assignee, completion status) will sync across all associated controls automatically.
Monitors
The Monitors section shows you which automated or manual checks are tied to this control, including:
Monitor name or type
Health status (e.g., Healthy)
A quick access button to view monitor details
Related Thoropass Unified Controls
On the right-hand panel, you’ll see the Unified Control(s) that this framework control maps to. This includes:
Unified Control ID and title (e.g.,
CTRL-822 – Malicious Code Protection)Unified Control status
Unified Control owner
Why this matters: Even though you’re working with framework-specific controls, this linkage ensures your work still rolls up to the broader Unified Control model.
What’s Not Shown on the Framework Control Page
Some elements are only managed at the Unified Control level and won’t appear directly on the framework control page as they are only tied to the Unified Control:
Evidence requests
Policy attachments
Main control owner
Control family classification
This separation preserves the clarity of framework controls while still benefiting from centralized control management.
Getting Started
To explore Framework Controls:
Go to the Controls page.
Use the view toggle at the top to switch between Unified and Framework views.
Use the table, filters, and search to dive into your frameworks as needed.
If you're looking for guidance or want help setting up reports with framework control data, reach out to your Customer Success Manager or contact our support team.