Experiencing a Data Breach? Get help now.

AI ASSISTANT 
Book a Demo

HANDD Compliance as a Service

Services › Compliance › Compliance as a Service

A cloud-native compliance intelligence platform that monitors your MFT environment — from discovery runs performed on your configuration against the clauses of the compliance standard.

Real-Time

Compliance Monitoring

Frameworks Supported
0 +

Cloud & On-Prem

Flexible Deployment

Multi-Platform

GoAnywhere & More

Request Acess
Contact Sales

What is HANDD Compliance
as a Service?

A web-based compliance dashboard that connects directly to your MFT platform, compiles transfer logs, configuration audits, and user activity, then maps everything automatically against the compliance frameworks that matter to your business.
Native MFT Integration
A discovery script runs directly on your environment to automatically collect configuration data — no manual extraction required.
Compliance Scoring
Continuously calculates your compliance rate across each framework, requirement category, and individual control.
Non-Compliance Alerting
Proactively flags gaps, failed controls, and drifting configurations so teams can remediate before audit time.
Audit-Ready Reports
Generate point-in-time compliance reports mapped to specific framework requirements, ready for auditor submission.

Key Capabilities

at a Glance

Everything you need to achieve and demonstrate MFT compliance — in one place.
Compliance Dashboard
Design, schedule, and maintain all file transfer workflows from end to end.
Multi-Framework Support
Onboard, configure, and lifecycle-manage all trading partners and users.
Flexible Deployment
24/7 proactive monitoring and SLA-backed incident resolution.
Historical Trending
Track compliance posture over time to demonstrate continuous improvement to auditors and leadership.
Multi-Tenancy
Manage multiple customers, platforms, or business units from a single pane of glass.
Smart Alerting
Configurable threshold alerts when compliance scores drop or new violations are detected.

The Compliance Dashboard

A web-based compliance operations centre — accessible from any browser, updated continuously from your MFT platform data.

Dashboard representation based on live GoAnywhere MFT PCI DSS compliance scan data. Actual dashboard
powered by your connected MFT platform.

Dashboard Feature Set

A structured approach that ensures smooth service transition with minimal disruption to your operations.
Compliance Rate Gauge
A live percentage gauge showing your overall compliance score per framework per platform — updated on every scan run.
Trend Over Time
See how your compliance posture is improving or regressing across configurable time windows — hour, day, week, or month.
Category Breakdown
Drill into compliant and non-compliant requirement categories with ranked bar charts showing the highest-risk areas first.
Requirements Detail Table
Full drill-down to individual requirements: what the control is, whether it’s met in your MFT, and compensating controls applied.
Multi-Customer View
For MSSPs and internal teams managing multiple business units — a single pane with per-customer compliance scores and drill-down.
Configurable Scan Runs
Schedule scans on demand or automatically, with Run ID tracking so you can compare snapshots across assessment cycles.

From Connection to
Compliance

CaaS connects to your MFT platform, continuously collects compliance-relevant data, and surfaces actionable insights through the dashboard.

Platform Connection

CaaS connects to your MFT platform via secure API or log forwarding.
Read More

Data Collection

Transfer logs, audit trails, config snapshots, and user activity ingested.
Read More

Framework Mapping

Data mapped against selected frameworks (PCI DSS, GDPR, HIPAA, etc.).
Read More

Dashboard Display

Live scores, category breakdowns, and trend charts rendered in real time.
Read More

Report & Alert

Scheduled exports, auditor-ready reports, and threshold alerts dispatched.
Read More
Speak to a Compliance Specialist

Data Sources & Integrations

CaaS ingests data from multiple layers of your MFT environment to build a complete compliance picture.

Transfer
Logs

Every file send, receive, and routing event — timestamped, user-attributed, and mapped to compliance controls.

Learn More

User & Auth Activity

Login events, failed auth attempts, session durations, and privilege escalation activities.

Learn More

Configuration
State

Platform configuration snapshots including protocol settings, encryption policies, and TLS versions.

Learn More

Key & Certificate
Data

SSH key usage, certificate expiry, encryption algorithm inventories — critical for cryptography controls.

Learn More

Supported Compliance
Frameworks

CaaS ships with pre-built control mappings for the most common frameworks affecting MFT
environments. New frameworks are added continuously.

PCI DSS
  • Available
  • Authentication & Password controls (Req. 8)
  • Session & Login Controls (Req. 8.2, 8.3)
  • System Configuration hardening (Req. 2)
  • Cryptography & Key Management (Req. 3, 4)
  • Logging & Monitoring requirements (Req. 10)
  • Network Security controls (Req. 1)
  • Account Management & access review (Req. 7, 8)
  • Compensating control documentation support
GDPR
  • Coming Soon
  • Data encryption in transit and at rest (Art. 32)
  • Access control and least privilege (Art. 32)
  • Audit logging of personal data transfers
  • Breach detection and notification readiness
  • Cross-border transfer monitoring and flagging
HIPAA
  • Basic | Advanced
  • ePHI transfer encryption and integrity checks (§164.312)
  • Access control to ePHI in transit (§164.312.a)
  • Audit controls for ePHI access (§164.312.b)
  • Transmission security requirements (§164.312.e)
  • Unique user identification and session monitoring
ISO/IEC 27001:2022
  • Coming Soon
  • ePHI transfer encryption and integrity checks (§164.312)
  • Access control to ePHI in transit (§164.312.a)
  • Audit controls for ePHI access (§164.312.b)
  • Transmission security requirements (§164.312.e)
  • Unique user identification and session monitoring
SOC 2 Type II
  • Coming Soon
  • Security (CC series) — logical access & encryption controls
  • Availability (A series) — SLA & uptime monitoring evidence
  • Confidentiality (C series) — data transfer confidentiality
  • Processing integrity — transfer completeness and accuracy
Custom Frameworks
  • Coming Soon
  • Define your own control library with custom requirement IDs
  • Map internal security policies to MFT data points
  • Industry-specific frameworks: NIS2, DORA, FCA PS21/3
  • HANDD professional services for custom framework mappings

Deployment Options

CaaS is designed to fit your environment — whether you want the simplicity of SaaS or the control of on-premise.

Most Popular

Cloud (SaaS)
HANDD hosts and operates CaaS
in the cloud. Zero infrastructure investment, instant setup, and
always on the latest version.
  • Ready in hours, not weeks
  • No infrastructure to manage
  • Automatic updates & new framework releases
  • 99.9% uptime SLA
  • HANDD-managed backup & DR
  • Data residency options (UK, EU, US)
On-Premise
Deploy CaaS entirely within your own data centre or private cloud. Full data sovereignty with no external data egress.
  • Complete data sovereignty
  • Air-gapped network support
  • Integrates with internal SIEM / log tools
  • Customer-controlled backup and DR
  • Suitable for highly regulated sectors
  • Annual software subscription with support
Hybrid
Data collectors run on-premise to avoid egress, while dashboards and reporting run in the HANDD cloud — the best of both.
  • Local data collection agents only
  • Encrypted metadata forwarded to cloud
  • No raw log data leaves your environment
  • Cloud-hosted dashboards & reporting
  • Ideal for regulated industries with remote teams
Speak to a Specialist

Side-by-Side Deployment Comparison

See how HANDD CaaS compares to manual compliance approaches and generic GRC tools.
Get Guidance

CaaS vs. Alternatives

See how HANDD CaaS compares to manual compliance approaches and generic GRC tools.
Get Guidance

Key Business Benefits

Organisations typically engage HANDD to:

Audit-Ready in Hours

Go from zero to your first compliance dashboard in hours — not weeks or months of manual effort.
Read More

Continuous Compliance

Move from point-in-time audits to always-on compliance monitoring with real-time scoring.
Read More

Reduce Audit Costs

Pre-built framework mappings and automated reports eliminate weeks of manual evidence gathering.
Read More

Proactive Remediation

Catch compliance drift and configuration gaps before they become audit findings or breaches.
Read More

Multi-Framework Coverage

One platform, multiple frameworks — demonstrate compliance across PCI DSS, GDPR, HIPAA, ISO 27001, and SOC 2.
Read More

No MFT Expertise Needed

Pre-mapped controls mean your compliance team doesn’t need deep MFT platform knowledge to monitor posture.
Read More

Know Your Compliance Posture — Right Now

Connect HANDD CaaS to your MFT platform and get your first compliance dashboard live in hours, not months.
Request Acess
Contact Sales