Quickstart Guide - Getting Started with Openlane
You made it to Openlane! The fastest way to understand the platform is to build something real, so this guide walks you through the first few steps to get your environment set up and your compliance program taking shape.
Set Up Your Organization
Start by configuring how your team will access Openlane.
Navigate to: Organization settings
What to do:
- In Authentication, add your allowed email domains
  - Example: yourcompany.ai
  - Include domains for any fractional support (consultants, VCISOs) if applicable
- Choose whether to allow auto-join
  - Enabled → anyone with an approved domain can join automatically
  - Disabled → users must be invited manually
If you're working with a fractional CISO or consultant, adding their domain upfront makes collaboration much smoother.
Invite Your Team
Compliance is a team sport. Bring in the people who are helping you build and manage your program.
Navigate to: User Management
What to do:
- Invite teammates across:
  - Engineering
  - Security / IT
  - HR / People Ops
  - Leadership
- Assign roles as needed
No per-user fees.
Invite your whole team — not just a “compliance owner.” The best programs reflect how your organization actually operates, so we don't charge you more for building your program the right way and growing your business.
Add a Standard
Next, define what you're working toward.
Navigate to: Standards Catalog
What to do:
- Click Details and select a relevant domain. For SOC 2, these are the Trust Services Criteria (remember, Security is the only required TSC)
- Select and enable a framework:
  - SOC 2
  - ISO 27001
  - HIPAA
  - ISO 42001
- You can enable multiple frameworks without duplicating work.
Openlane is made to support your success. Turn on only what you need now and expand later without starting over.
Upload Controls
Controls are the backbone of your program. They define how you actually meet requirements.
What to do:
- Create or import controls that reflect your real processes
- Map them to your selected framework(s)
Don’t over-engineer this. Your selected auditor will likely provide "suggested controls", which can help you get started.
Upload Policies
Policies define intent. Controls prove execution.
What to do:
- Upload existing policies (if you have them)
- Or generate new ones using Openlane's integrated AI
- Link policies to relevant controls
Policies don’t need to be perfect on day one. They should evolve alongside your program.
What’s Next: Start Customizing
Now that you have the foundation:
- Refine controls to match how your team actually works
- Upload real evidence from your existing tools
- Assign ownership across your team
Explore next:
- Registry → Track assets, vendors, and personnel
- Exposure → Manage vulnerabilities, findings, and remediations
Want Help?
If you want to go faster, we’ll build it with you.
No slides. No sales pitch. Just direct access to our experience.