Customize Compliance - Overview

Customize how Mondoo assesses your compliance by defining scope and setting exceptions on controls and checks

Because every organization has unique needs, Mondoo lets you customize which controls and checks factor into your compliance score. This keeps your team focused on what matters and ensures your compliance data accurately reflects your audit requirements.

Mondoo offers three ways to customize compliance:

Define scope

If a control isn't part of your compliance audit, you can set it out of scope. Out-of-scope controls are excluded from your compliance score and hidden from generated reports entirely.

Use scope to remove controls that your auditor has confirmed are not applicable to your organization.

Set exceptions on controls

Exceptions on controls let you exclude a control from your compliance score while still documenting the decision for your team and auditors. There are two types:

  • Risk acceptance: Temporarily exclude a control for a set period while your team works toward meeting it.
  • Disable: Permanently exclude a control that doesn't apply to your space.

Unlike scope, exceptions appear in your compliance reports with the justification you provide, giving your auditor visibility into the decision.

Set exceptions on checks

You can also set exceptions on individual checks within a control. This is useful when a control is mostly relevant but a specific check doesn't apply to your environment. Check exceptions work the same way as control exceptions (risk acceptance or disable) but at a more granular level.

A check exception applies to the entire space, not just to the framework you are viewing. Because checks live in policies rather than in frameworks, a check exception affects every compliance framework that maps to that check, so review which frameworks share a check before you disable it or accept its risk.

Choosing the right approach

  • Goal: Hide a control from your auditor entirely. Approach: set the control out of scope.
  • Goal: Exclude a control but show the justification in reports. Approach: set an exception on the control.
  • Goal: Exclude a specific check but keep the rest of the control. Approach: set an exception on the check.
  • Goal: Defer work on a control to a later date. Approach: accept the risk on the control for a set time period.