Loading...
Loading...
Define compliance objectives, set deadlines, track progress, and manage milestones across multiple regulatory frameworks.
DRD supports first-class compliance goal templates for major regulatory and certification frameworks. Each template includes pre-built controls, evidence requirements, and scoring rubrics.
EU General Data Protection Regulation. Data processing agreements, DPIA templates, consent tracking, and breach notification workflows.
42 pre-built controls
Service Organization Control Type II. Trust service criteria covering security, availability, processing integrity, confidentiality, and privacy.
61 pre-built controls
Health Insurance Portability and Accountability Act. Administrative, physical, and technical safeguards for protected health information.
54 pre-built controls
European Union AI Act. Risk classification, transparency obligations, human oversight requirements, and high-risk system documentation.
38 pre-built controls
Information Security Management System. Annex A controls, risk assessment methodology, statement of applicability, and continuous improvement cycle.
93 pre-built controls
Define your own compliance framework with custom controls, evidence types, and scoring weights. Map to internal policies or industry standards.
Every compliance goal transitions through five lifecycle states. DRD automatically moves goals between states based on evidence completeness, control scores, and expiration dates.
Draft
Goal created but not yet activated. Controls and evidence requirements are being defined. No scoring applied.
Active
Goal is live and being tracked. Controls are evaluated continuously. Progress score updates in real time.
At-Risk
Progress score dropped below the threshold (default: 70%). Automated alerts trigger and remediation tasks are created.
Achieved
All required controls pass with evidence. Progress score meets or exceeds the target. Certification snapshot is created.
Expired
Goal passed its review date without renewal. Must be re-activated or archived. Archived goals remain in audit trail.
Automatic State Transitions
When a goal's progress score drops below the at-risk threshold, DRD automatically transitions it from Active to At-Risk and creates a remediation task assigned to the goal owner. When the score recovers, the goal moves back to Active.
Each goal has a composite progress score from 0-100, calculated from the weighted completion of its underlying controls.
| Component | Weight | Description |
|---|---|---|
| Control Completion | 50% | Percentage of controls with passing evidence |
| Evidence Freshness | 20% | How recently evidence was collected or renewed |
| Risk Assessment | 15% | Residual risk rating from associated risk register |
| Remediation Velocity | 15% | Average time to close findings and non-conformities |
At-Risk Threshold
The default at-risk threshold is 70%. This can be customized per goal or per framework. Government-tier workspaces default to 85%.
curl -X POST https://api.drd.io/v1/compliance/goals \
-H "Authorization: Bearer drd_ws_sk_live_Abc123..." \
-H "Content-Type: application/json" \
-d '{
"framework": "gdpr",
"name": "GDPR Full Compliance 2026",
"description": "Achieve full GDPR compliance across all data processing activities",
"targetScore": 95,
"atRiskThreshold": 70,
"reviewDate": "2026-12-31T00:00:00Z",
"owner": "usr_01HQ3XBN4RTYP",
"tags": ["data-protection", "eu-regulation"]
}'
# Response
{
"ok": true,
"data": {
"id": "goal_01JM7XBN4RTYP",
"framework": "gdpr",
"name": "GDPR Full Compliance 2026",
"state": "draft",
"progress": 0,
"targetScore": 95,
"atRiskThreshold": 70,
"controlsTotal": 42,
"controlsPassing": 0,
"reviewDate": "2026-12-31T00:00:00Z",
"createdAt": "2026-02-14T12:00:00Z"
}
}curl "https://api.drd.io/v1/compliance/goals?state=active&framework=gdpr" \
-H "Authorization: Bearer drd_ws_sk_live_Abc123..."
# Response
{
"ok": true,
"data": [
{
"id": "goal_01JM7XBN4RTYP",
"framework": "gdpr",
"name": "GDPR Full Compliance 2026",
"state": "active",
"progress": 78,
"targetScore": 95,
"controlsTotal": 42,
"controlsPassing": 33,
"reviewDate": "2026-12-31T00:00:00Z"
}
],
"pagination": { "total": 1, "page": 1, "perPage": 20 }
}curl -X PATCH https://api.drd.io/v1/compliance/goals/goal_01JM7XBN4RTYP/activate \
-H "Authorization: Bearer drd_ws_sk_live_Abc123..."
# Response
{
"ok": true,
"data": {
"id": "goal_01JM7XBN4RTYP",
"state": "active",
"activatedAt": "2026-02-14T12:05:00Z",
"progress": 0
}
}import { DRDClient } from "@drd-io/sdk";
const drd = new DRDClient({
apiKey: process.env.DRD_API_KEY!,
workspace: process.env.DRD_WORKSPACE!,
});
// Create a goal from a framework template
const goal = await drd.compliance.goals.create({
framework: "soc2",
name: "SOC 2 Type II - 2026",
targetScore: 90,
atRiskThreshold: 75,
reviewDate: new Date("2026-12-31"),
});
// Activate the goal
await drd.compliance.goals.activate(goal.id);
// Check progress
const status = await drd.compliance.goals.get(goal.id);
console.log(`Progress: ${status.progress}%`);
console.log(`State: ${status.state}`);
console.log(`Controls: ${status.controlsPassing}/${status.controlsTotal}`);
// List at-risk goals
const atRisk = await drd.compliance.goals.list({
state: "at-risk",
});
for (const g of atRisk) {
console.log(`${g.name}: ${g.progress}% (target: ${g.targetScore}%)`);
}