Frequently Asked Questions
How do I know if I am compliant?
Within the OneClickComply platform, the Report Card provides a high-level overview of your compliance progress. It displays the standards you’re working toward and how many technical tasks remain to be completed. It’s important to note that the percentages shown represent your technical compliance with a standard—not your overall compliance status. For example, if your Report Card shows 26% for ISO 27001, this means that 26% of the technical controls required by ISO 27001 have been
How are user roles and permissions managed within the platform?
When onboarding, you will be asked to provide a list of people that you would like to have access to the platform. Permissions are handled on a tiered basis, with the Owner having the most control (able to complete tasks, assign admin permissions to other users, etc.), then moving down to Administrator and Auditor roles. You may only have one Owner account active at a time, and this will be set up during the onboarding process, and any changes to this account can only be authorise
What permissions are required to integrate OneClickComply with your tenancy?
The OneClickComply platform can connect to a variety of different platforms such as Microsoft 365, Google Workspace, AWS, Azure, and Google Cloud. In order to enable our platform to conduct scans and remediate technical issues throughout these different environments, it will need to be granted certain permissions during the onboarding process. For example, for Microsoft 365 tenancies, a service account will be created within your Admin centre, whereas more complex tenancies such as AWS will re
Can the platform be used to maintain compliance over time, or is it just a one-time solution?
While you can use the OneClickComply platform to assess your compliance at a single point in time, it’s specifically built to help you manage and maintain compliance continuously. Key features like Continuous Monitoring, Audit Logs, and the Report Card work together to give you real-time visibility into your compliance posture. These tools not only help you track progress and respond to changes, but also serve as verifiable evidence of your compliance, both for internal stakehol
What compliance issues does the platform scan for?
Achieving compliance with a security standard has traditionally been a time-consuming and manual effort. OneClickComply simplifies this process by automatically scanning your business environment and generating a tailored list of outstanding compliance tasks. The platform performs this by analysing key aspects of your environment—such as security controls, configurations, and policies—and comparing them against the specific requirements of your selected compliance standard. It identifies both w
What does the penetration testing do?
The OneClickComply platform allows you to run penetration tests against your websites, APIs, applications, and other digital assets. These tests are designed to identify potential vulnerabilities and provide actionable recommendations for resolving them. Important: Please ensure that you only run penetration tests on systems, websites, or APIs that you own or have explicit permission to test. Unauthorised testing is strictly prohibited.
Can I just implement the security controls without certification?
Yes. Using the OneClickComply platform you can easily implement the security controls outlined by a security standard, but certification is entirely optional. Note: We must stress that implementing all the security controls and settings of a standard does not automatically make your business compliant. In most cases, additional documentation, non-technical controls, and an external review/audit are required before your business is considered compliant in your chosen standard.
Why is the 'Fix this for me' approach different for cloud platforms?
OneClickComply takes a slightly different approach to automated remediations for cloud platforms such as AWS, Azure, and Google Cloud Platform. These environments are often highly customised, so a more flexible method is required. When reviewing a task related to a cloud platform, you’ll still see the familiar “Fix this for me” button. However, instead of making the change automatically, OneClickComply will provide a tailored code snippet that you can copy and run in the app
Why do I have Outstanding Tasks for areas I don't recognise?
Outstanding Tasks are generated when the OneClickComply platform scans your full tenancy—including environments like Microsoft 365, Google Workspace, AWS, and others—and identifies any non-compliant settings, policies, or controls that are required by your selected compliance standards. Because this is a comprehensive scan, it may highlight areas of your environment that seem unfamiliar or that you believe are no longer in use. As an example, the platform may detect that a separate AWS regi
Does the platform support multiple cloud environments?
Yes, the OneClickComply platform supports the simultaneous scanning and remediation of multiple cloud environments. Currently, integrations are available for AWS (Amazon Web Services), Microsoft Azure, and Google Cloud Platform (GCP). When multiple environments are connected, the platform clearly distinguishes between them. Each Outstanding Task is labelled with the relevant cloud provider's logo and tenancy name, so you’ll always know exactly where action is required. For more
Can automated remediations be customised?
Unfortunately, automated remediations in the OneClickComply platform cannot be customised. Each remediation is specifically designed to align your settings and controls with the exact requirements of the compliance standard you've selected. This ensures consistency, reliability, and audit-ready configurations across all supported standards, for all of our customers. If you have questions about a particular remediation, are working with a non-standard framework, or would like to discuss your sp
What is the process for getting certified using the platform?
Getting certified through the OneClickComply platform is designed to be as straightforward and efficient as possible. Here's how the process typically works: Choose Your Compliance Standard(s): Start by identifying the standard or framework you want to work towards, such as Cyber Essentials, SOC 2, ISO 27001, or CIS. Connect Your Environments: Integrate your environments (e.g. Microsoft 365, AWS, Google Cloud, Azure) so that the platform can begin scanning your setup and gatherin
What other features does the platform offer aside from automating compliance?
Aside from automatically detecting and remediating compliance gaps within your business, the OneClickComply platform offers multiple other features to make your compliance journey significantly easier. These features include: Automated policy generation that reflects your currently implemented security controls. Continuous monitoring of your compliance, with automated alerts when gaps or dri
Can the platform be customised to accommodate specific compliance frameworks?
At present, the OneClickComply platform does not support automated scanning or remediation for custom, non-standard compliance frameworks or internal security policies. Out of the box, OneClickComply is designed to automate the technical tasks required for widely recognised standards such as Cyber Essentials, SOC 2, CIS, and ISO 27001. It’s worth noting that comprehensive frameworks like ISO 27001 often cover many of the same controls found in these custom frameworks. However, because custom r
What standards and frameworks are being added in the future?
With so many compliance frameworks, standards, and regulations in circulation today, prioritising what to support next can be challenging. That’s where your input is invaluable. At OneClickComply, we genuinely value your feedback and want to hear what you'd like to see added to the platform. To make this easy, we've included a Feedback button within the platform (see below), which can be accessed on every page. Clicking it gives you access to our public roadmap, where you can vote on upcomi
What licences do I need for compliance?
This question can be a little tricky to answer, so let's break it down into manageable sections. What Is a Licence? In platforms like Microsoft 365 or Google Workspace, a licence refers to a subscription assigned to a user that grants access to specific tools, features, and security capabilities. Each licence type (e.g. Microsoft Business Basic, Google Workspace Business Plus) offers a different level of functionality. Licences are typically managed through an admin console, where they ca
How often are the automated scans performed?
The frequency of automated compliance scans in OneClickComply depends on your subscription package. Scans are performed automatically at intervals ranging from quarterly to bi-monthly, depending on your plan. During each scan, the platform reviews your current security controls and policies, comparing them against the requirements of your selected compliance standard. In addition to generating a list of Outstanding Tasks, the scan will also flag any previously compliant items that have sinc
Can the platform handle on-premise/private cloud environments?
Due to the unique and varied configurations of on-premise and private cloud environments, the OneClickComply platform does not currently support integration with these setups. If you’re operating in an on-premise or private cloud environment and would like to explore alternative support options, we encourage you to contact our support team. We’ll work with you to better understand your requirements and determine how OneClickComply may still be able to assist.