Platform+
Describe it. Compyl writes the blueprint.
Ask for the evidence you need in plain English — Compyl’s AI builds the blueprint that collects it. 1,500+ ready out of the box; for everything else, no SQL, no data team, no tickets. You just approve.
SELECT u.full_name, u.email, iam.role, t.last_completed FROM identities u JOIN aws_iam_access iam ON iam.user_id = u.id LEFT JOIN training_records t ON t.user_id = u.id AND t.course = 'Security Awareness' WHERE iam.privilege_level = 'admin' AND (t.last_completed IS NULL OR t.last_completed < NOW() - INTERVAL '12 months') ORDER BY t.last_completed ASC NULLS FIRST;
Describe what you need. Watch Compyl’s AI write the blueprint.
This is the real builder. Pick a request in plain language and watch Compyl AI assemble the blueprint — source, query logic, framework mappings, and schedule — then hand it to you to approve. You never write a query. The platform is the expert.
Compyl Evidence Studio is the evidence-automation engine of the Compyl GRC platform. It collects live, auditable evidence directly from your connected systems using Evidence Blueprints — reusable, logic-based automations that test each control on a schedule. Evidence Studio ships with 1,500+ prebuilt blueprints mapped to leading frameworks, so you get value the moment you onboard. And with its AI-native blueprint builder, you describe the evidence you need in plain language and Compyl’s AI writes the query, maps the frameworks, and sets the schedule — then hands it to you to approve. You never write a query; the platform is the expert and you stay in control.
Evidence used to mean screenshots, spreadsheets, and someone who can write queries
Automating a control meant knowing the query language, each integration’s API, and the framework mapping — so collection bottlenecked on a handful of experts, and everything else stayed manual and stale.
Screenshots that expire
Static screenshots and CSV exports are stale the moment they’re taken — and prove nothing about your posture today.
Query-writing is specialist work
Turning a control into an automated check used to require engineers who know each system’s query syntax — a bottleneck on every new blueprint.
Coverage stalls
When only a few people can build automations, most controls stay manual and audit prep turns into a scramble every cycle.
From a plain-language request to live, approved evidence
Describe what you need — or start from 1,500+ prebuilt blueprints. Compyl AI writes the logic, you approve, and it runs on schedule.
Describe it
Type the evidence you need in plain language.
AI builds the blueprint
Compyl writes the query, conditions & mappings.
You approve
Review and activate; nothing runs until you say so.
It runs on schedule
Collects live evidence from your systems automatically.
Prove & monitor
Live, auditable proof mapped to every framework.
1,500+ prebuilt blueprints — value on day one
You don’t start from a blank page. Evidence Studio ships with 1,500+ blueprints mapped to SOC 2, ISO 27001, NIST, PCI DSS, HIPAA and more — across the systems you already run. Turn them on at onboarding and you’re collecting live, audit-ready evidence the same day.
- 1,500+ blueprints mapped to leading frameworks
- Cover AWS, Azure, GCP, Okta, GitHub, CrowdStrike & 125+ integrations
- Each runs on your schedule and links to risks, vendors & policies
- A complete, traceable audit trail from day one
Need something custom? Just describe it.
When you need evidence no template covers, you don’t open a query editor — you describe it in plain English. Compyl’s AI-native builder interprets your request, writes the query logic, maps it to the right controls and frameworks, and sets a schedule. The program is the expert; you review and approve.
- Build any blueprint in plain language — no query syntax
- AI writes the logic, conditions & framework mappings
- You approve every blueprint before it runs
- Turn a one-off audit ask into a reusable, scheduled automation
You describe and approve. Compyl does the engineering.
Evidence Studio puts the expertise in the platform. You stay in the decision seat — approving each blueprint — while Compyl AI writes the queries, runs collection, and keeps the proof current.
Say it in plain language
Describe the evidence you need — no query syntax, no API knowledge.
AI writes the blueprint
Compyl assembles the query, pass conditions, and framework mappings.
You review & activate
Nothing runs until you approve — the human stays in control of every decision.
It runs & proves
Collects live evidence on schedule and maps it to every framework it satisfies.
Evidence that’s always current — not a screenshot from last quarter
Blueprints run on your schedule and pull straight from your live systems, so every control is tested continuously and your evidence reflects today’s posture. Each result links to the risks, vendors, policies and frameworks it supports — a complete, traceable audit trail.
- Live data from your systems replaces screenshots & CSVs
- Continuous testing — daily, weekly, or on your control’s cadence
- Every result mapped to the frameworks it satisfies
- A failed check raises a task automatically — nothing slips
Built by CISOs — automation that augments your team, not another data silo
Evidence Studio is the automation core of the platform that runs your whole GRC program, so evidence flows straight into controls, risk, and audit. It shows up in five ways.
GRC that adapts to complexity
No-code configuration of dashboards, workflows, fields, and reports for every team — without an engineering ticket.
End-to-end, built to flex and scale
Governance, risk, compliance, and third-party risk as one connected source of truth — with no ceiling as your program matures.
No black box — all your data
125+ proprietary, in-house integrations ingest your full dataset and surface risks single-system checks miss.
Agentic AI that augments your team
The AI-native builder and 1,500+ blueprints write the queries and assemble evidence, with humans in the loop on every decision that matters.
Quantified risk in financial terms
FAIR models and Monte Carlo simulations put risk in dollars, so the board decides on business impact — not heat-map colors. New in 26.2.
Evidence that powers your whole GRC program
Evidence Studio feeds the rest of Compyl — so live proof becomes compliance status, risks, and questionnaire answers.
Blueprints validate the controls behind every framework, so compliance status reflects live evidence — not a snapshot.
Explore Compliance →A failed check becomes a risk in your register, scored and quantified alongside every other risk.
Explore Risk Management →Answer security questionnaires with citations backed by your live evidence, not best guesses.
Explore Questionnaire Assist →The blueprint builder is one of many places AI does the busywork and you approve what matters.
Explore Compyl AI →One control library, mapped to every framework it satisfies
Compyl cross-maps controls so a single blueprint can satisfy requirements across multiple frameworks at once. Explore any framework below.
Rated a leader by the teams who use it
Evidence Studio questions, answered
Compyl Evidence Studio is the evidence-automation engine of the Compyl GRC platform. It collects live, auditable evidence directly from your connected systems using Evidence Blueprints — reusable, logic-based automations that test each control on a schedule. It ships with 1,500+ prebuilt blueprints mapped to leading frameworks, and an AI-native builder lets you describe the evidence you need in plain language while Compyl AI writes the query, maps the frameworks, and sets the schedule for you to approve.
A blueprint is a reusable, logic-based automation that defines how a control is tested — the source system, the query logic, the pass/fail condition, and the frameworks it maps to. Each blueprint runs on a schedule and produces live, auditable evidence with a traceable trail.
Describe the evidence you need in plain language. Compyl AI interprets the request, writes the query logic, maps it to the right controls and frameworks, and sets a schedule — then presents the blueprint for you to approve. You never write a query; the platform is the expert and you review and activate.
Evidence Studio ships with 1,500+ prebuilt blueprints mapped to frameworks like SOC 2, ISO 27001, NIST CSF, PCI DSS, HIPAA and GDPR, across 125+ integrations — so you start collecting live evidence the day you onboard.
No. The platform is the expert. Use a prebuilt blueprint, or describe what you need and let the AI builder write it. Your job is to review and approve — Compyl handles the query logic and framework mapping.
Evidence Studio connects to 125+ integrations including AWS, Azure, GCP, Okta, Auth0, GitHub, CrowdStrike, Salesforce, HubSpot and Workday, pulling live evidence directly from the systems you already run.
