Compliance & Risk

Compliance Automation

Technology that automates compliance-related tasks such as evidence collection, control testing, questionnaire responses, and regulatory reporting.

Compliance automation streamlines the operational burden of meeting regulatory requirements. Tools like Vanta, Drata, and Secureframe automate:

- Evidence collection (pulling data from systems to prove controls are in place)
- Control testing (automatically verifying that security controls are working)
- Questionnaire responses (auto-filling vendor security questionnaires)
- Certification maintenance (continuous monitoring for SOC 2, ISO 27001, etc.)

Compliance automation is valuable but limited. It automates the documentation of compliance, not governance itself. The organisation still makes the decisions and takes the actions; compliance automation verifies, after the fact, that those actions met regulatory requirements and records the evidence.

The distinction matters: compliance is about meeting external requirements; governance is about how the institution directs and controls itself. Automating compliance therefore doesn't, by itself, improve governance.

How Constellation handles this

Constellation is not compliance automation. Compliance automation documents that rules were followed. Constellation enforces the rules at the moment of action. They serve different purposes and can work together.