Skip to main content
The Compliance Requirements screen lists all IT compliance requirements with filtering and is accessible at /it/security/compliance/requirements.

Overview

The Compliance Requirements page loads requirements via useComplianceRequirements with optional filter parameters. A search box and three filter dropdowns are provided: Framework (hipaa_it, soc2, iso27001, other), Category (access_control, data_protection, incident_response, other), and Status (compliant, non_compliant, in_progress, not_assessed). The data table shows requirement name (clickable, navigates to detail), framework badge, category label, compliance status badge, last assessment date, and next assessment date. An Add Requirement button links to the new-requirement form. The back button navigates to /it/security/compliance.

Who it’s for

Requires IT_PERMISSIONS.VIEW (outer ITViewGuard). No additional per-route permission gate.

Before you start

  • You must hold IT_PERMISSIONS.VIEW to access this screen.

Steps

1

Open Compliance Requirements

Navigate to /it/security/compliance/requirements. All requirements load by default.
2

Filter requirements

Use the search box to filter by requirement name. Use the Framework, Category, and Status dropdowns to narrow results.
3

View a requirement

Click a requirement name to navigate to its detail view.
4

Add a new requirement

Click Add Requirement to navigate to /it/security/compliance/requirements/new.

Key concepts

  • compliance_framework — Values: hipaa_it (displayed as “HIPAA IT”), soc2 (SOC 2), iso27001 (ISO 27001), other.
  • requirement_category — Values: access_control, data_protection, incident_response, other.
  • compliance_status — Values: compliant, non_compliant, in_progress, not_assessed.
  • last_assessment_date / next_assessment_date — Track when the requirement was last evaluated and when the next review is due.

Creating a requirement

The New Requirement page (/it/security/compliance/requirements/new) is a single-step form for adding a compliance requirement. New requirements are created with an initial compliance_status of not_assessed. On success the user is redirected to the compliance requirements list. Before you start: identify the compliance framework (HIPAA IT, SOC 2, ISO 27001, or Other); determine the requirement category; have the next scheduled assessment date available if applicable.
  1. Navigate to IT > Security > Compliance and select the requirements list, then click Add Requirement, or go directly to /it/security/compliance/requirements/new.
  2. Enter the Requirement Name (required).
  3. Select a Framework: HIPAA IT, SOC 2, ISO 27001, or Other.
  4. Select a Category: Access Control, Data Protection, Incident Response, or Other.
  5. Optionally set a Next Assessment Date.
  6. Enter a Description explaining the requirement and how compliance is measured.
  7. Click Create Requirement. On success you are redirected to the requirements list.
Key concepts:
  • Compliance framework — the regulatory or standards framework this requirement belongs to (ComplianceFramework type).
  • Compliance category — the security domain grouping (ComplianceCategory type).
  • compliance_status — new requirements start as not_assessed; status updates occur via the requirement detail or edit page.

Editing a requirement

The Edit Requirement page (/it/security/compliance/requirements/:id/edit) loads the existing compliance requirement via useComplianceRequirement. Editable fields: requirement name, compliance framework (hipaa_it, soc2, iso27001, other), requirement description, requirement category (access_control, data_protection, incident_response, other), compliance status (not_assessed, compliant, non_compliant, in_progress), next assessment date, and assessment notes. On save, updateRequirement is called. A loading skeleton is shown while data loads, and a back-navigation button is provided. Permission required: IT_PERMISSIONS.VIEW via the outer ITViewGuard. No additional per-route gate.
  1. Navigate to /it/security/compliance/requirements/:id/edit from the compliance requirements list.
  2. Modify the name, framework, description, category, compliance status, next assessment date, and notes.
  3. Submit the form to save updates and navigate back.
Key fields:
  • compliance_framework — Values: hipaa_it, soc2, iso27001, other.
  • requirement_category — Values: access_control, data_protection, incident_response, other.
  • compliance_status — Values: not_assessed, compliant, non_compliant, in_progress.
  • next_assessment_date — Date string stored as ISO format; displayed as date-only input (split at T).

IT Service Management

IT Service Management overview.

Governance & parity

Documentation coverage and governance.
This page documents shipped product behavior. It is not medical, legal, or billing advice. Verify against your organization’s policies and applicable regulations before using it for clinical, compliance, or billing decisions. Protected health information (PHI) shown in the product is governed by your tenant’s access controls and is never exposed in this documentation.
  • src/routes/it.tsx
  • src/cores/it/pages/security/compliance/ComplianceRequirementListPage.tsx
  • src/cores/it/pages/security/compliance/NewComplianceRequirementPage.tsx
  • src/cores/it/pages/security/compliance/EditComplianceRequirementPage.tsx
  • src/cores/it/hooks/useComplianceRequirementMutations.ts
  • src/cores/it/hooks/useComplianceRequirement.ts (via EditPage)
  • src/cores/it/types/security.ts