106 free compliance generators — and counting
ComplyKit has reached 106 free compliance generators. No account required. No paywalls. Generate a professional AI-powered compliance assessment report in minutes.
Today we're adding two new tools:
ISO 27701 PIMS Gap Assessment (105th generator)
ISO/IEC 27701:2019 is the international standard for Privacy Information Management Systems (PIMS). It extends ISO 27001 with dedicated privacy controls for both PII controllers and processors, maps to GDPR, and provides a certification path for organisations wanting third-party validation of their privacy programme.
The ISO 27701 PIMS Gap Assessment covers 42 controls across 6 domains:
- PIMS Scope & Integration (ISO 27701 §4–5): Scope statement, PII role determination, ISO 27001 extension, privacy policy, objectives, management commitment
- PII Controller Controls (ISO 27701 §7): Lawful basis documentation, privacy notices, consent management, data subject rights (access, erasure, portability, objection), PII minimisation, purpose limitation
- PII Processor Controls (ISO 27701 §8): DPAs per Art. 28 GDPR, controller instruction compliance, sub-processor management, return/deletion procedures, audit facilitation, breach notification
- Privacy Risk Management & DPIA (ISO 27701 §5, 6.3): Privacy risk assessment process, DPIA methodology, privacy risk register, DPIA triggers, risk treatment, residual risk sign-off
- Privacy by Design & Technical Controls (ISO 27701 §6, Annex B): Privacy by design in SDLC, data minimisation at collection, pseudonymisation, encryption, access controls, retention schedules, PETs
- Governance, Audit & Certification (ISO 27701 §5.8, 9–10): DPO designation, internal PIMS audit, management review, corrective action process, staff training, documentation control, certification readiness
Who it's for: DPOs, CISOs, privacy counsel, ISO 27001-certified organisations adding the 27701 extension, data processors building privacy governance, and organisations preparing for ISO 27701 certification.
NIST CSF 2.0 Tier Assessment (106th generator)
NIST released CSF 2.0 in February 2024 — the biggest update since the framework launched in 2014. The headline addition is the new GOVERN function, which addresses cybersecurity strategy, risk tolerance, roles, policies, oversight, and supply chain risk at the governance level. CSF 2.0 also broadens applicability from critical infrastructure to all organisations.
The NIST CSF 2.0 Tier Assessment covers 42 controls across all six CSF 2.0 functions:
- GOVERN Function (GV) — New in CSF 2.0: Cybersecurity risk strategy board approval, roles and responsibilities, risk tolerance, policy review, regulatory requirements tracking, supply chain policy, board reporting metrics
- IDENTIFY Function (ID): Asset inventory, business environment documentation, risk assessment process, supply chain risk assessment, vulnerability management, risk register, third-party dependency mapping
- PROTECT Function (PR): IAM and MFA, data security controls, secure configuration baselines, security awareness training, protective technology (EDR/SIEM/WAF), software supply chain security (SBOM), patch management
- DETECT Function (DE): Continuous monitoring, centralised logging, anomaly detection, detection testing, threat intelligence integration, cloud detection coverage, insider threat monitoring
- RESPOND Function (RS): Incident response plan, incident classification, communication plan, containment/eradication procedures, lessons learned process, external coordination, breach notification timelines
- RECOVER Function (RC): Recovery plan and BCP alignment, RTO/RPO definition, backup strategy testing, recovery testing integration, post-recovery review, stakeholder communications, continuous improvement
The tool determines your current CSF 2.0 Tier (1=Partial, 2=Risk Informed, 3=Repeatable, 4=Adaptive) based on your responses and generates a professional Tier Assessment Report with gap analysis and a phased Tier progression roadmap.
Who it's for: CISOs, CROs, IT/cybersecurity teams, board/executive leaders preparing CSF 2.0 profile reports, public companies needing SEC cybersecurity disclosure support, and organisations mapping their CSF posture to NIS2, DORA, or other frameworks.
Browse all 106 generators
All 106 free compliance generators are at /generate. No account required. No registration. GDPR, CCPA, SOC 2, HIPAA, ISO 27001/27701, EU AI Act, NIS2, DORA, PSD2/PSD3, FCA Consumer Duty, CSRD, CRA, NIST CSF 2.0, APRA CPS 234, and more.