Frameworks

Display the compliance frameworks and certifications your organization has achieved. Enabled frameworks appear on your public Trust Center.

Only Enable What You've Achieved

This is important: only enable frameworks you've actually completed through an audit or certification. Visitors see these as trust signals. Misrepresenting compliance status damages trust and may have legal implications.

Enable a framework after:

Completing the required audit or assessment
Receiving the certification or attestation
Confirming the certification is still current

Available Frameworks

Openlane includes common frameworks: SOC 2, ISO 27001, ISO 27002, HIPAA, GDPR, PCI DSS, NIST CSF, NIST 800-53, NIST 800-171, and FedRAMP.

Frameworks marked "Recommended" are ones you have controls mapped to in Openlane, indicating relevance to your compliance program.

Custom Frameworks

For frameworks not in the standard list (like StateRAMP or industry-specific standards), you can add custom frameworks with your own title, description, and logo.

Custom frameworks can only be deleted when they're not enabled on your Trust Center.

Publishing Changes

Framework selections use the same draft/publish workflow as the rest of the Trust Center. Toggle frameworks on or off, then click Publish to make changes visible.

Best Practices

Keep framework selections current as certifications expire or renew
Upload the corresponding certification documents in the Documents section
Review selections periodically to ensure accuracy

Only Enable What You've Achieved​

Available Frameworks​

Custom Frameworks​

Publishing Changes​

Best Practices​

Only Enable What You've Achieved

Available Frameworks

Custom Frameworks

Publishing Changes

Best Practices