/it/security/compliance/requirements.
Overview
The Compliance Requirements page loads requirements viauseComplianceRequirements with optional filter parameters. A search box and three filter dropdowns are provided: Framework (hipaa_it, soc2, iso27001, other), Category (access_control, data_protection, incident_response, other), and Status (compliant, non_compliant, in_progress, not_assessed). The data table shows requirement name (clickable, navigates to detail), framework badge, category label, compliance status badge, last assessment date, and next assessment date. An Add Requirement button links to the new-requirement form. The back button navigates to /it/security/compliance.
Who it’s for
RequiresIT_PERMISSIONS.VIEW (outer ITViewGuard). No additional per-route permission gate.
Before you start
- You must hold
IT_PERMISSIONS.VIEWto access this screen.
Steps
1
Open Compliance Requirements
Navigate to
/it/security/compliance/requirements. All requirements load by default.2
Filter requirements
Use the search box to filter by requirement name. Use the Framework, Category, and Status dropdowns to narrow results.
3
View a requirement
Click a requirement name to navigate to its detail view.
4
Add a new requirement
Click Add Requirement to navigate to
/it/security/compliance/requirements/new.Key concepts
- compliance_framework — Values:
hipaa_it(displayed as “HIPAA IT”),soc2(SOC 2),iso27001(ISO 27001),other. - requirement_category — Values:
access_control,data_protection,incident_response,other. - compliance_status — Values:
compliant,non_compliant,in_progress,not_assessed. - last_assessment_date / next_assessment_date — Track when the requirement was last evaluated and when the next review is due.
Creating a requirement
The New Requirement page (/it/security/compliance/requirements/new) is a single-step form for adding a compliance requirement. New requirements are created with an initial compliance_status of not_assessed. On success the user is redirected to the compliance requirements list.
Before you start: identify the compliance framework (HIPAA IT, SOC 2, ISO 27001, or Other); determine the requirement category; have the next scheduled assessment date available if applicable.
- Navigate to IT > Security > Compliance and select the requirements list, then click Add Requirement, or go directly to
/it/security/compliance/requirements/new. - Enter the Requirement Name (required).
- Select a Framework: HIPAA IT, SOC 2, ISO 27001, or Other.
- Select a Category: Access Control, Data Protection, Incident Response, or Other.
- Optionally set a Next Assessment Date.
- Enter a Description explaining the requirement and how compliance is measured.
- Click Create Requirement. On success you are redirected to the requirements list.
- Compliance framework — the regulatory or standards framework this requirement belongs to (
ComplianceFrameworktype). - Compliance category — the security domain grouping (
ComplianceCategorytype). - compliance_status — new requirements start as
not_assessed; status updates occur via the requirement detail or edit page.
Editing a requirement
The Edit Requirement page (/it/security/compliance/requirements/:id/edit) loads the existing compliance requirement via useComplianceRequirement. Editable fields: requirement name, compliance framework (hipaa_it, soc2, iso27001, other), requirement description, requirement category (access_control, data_protection, incident_response, other), compliance status (not_assessed, compliant, non_compliant, in_progress), next assessment date, and assessment notes. On save, updateRequirement is called. A loading skeleton is shown while data loads, and a back-navigation button is provided.
Permission required: IT_PERMISSIONS.VIEW via the outer ITViewGuard. No additional per-route gate.
- Navigate to
/it/security/compliance/requirements/:id/editfrom the compliance requirements list. - Modify the name, framework, description, category, compliance status, next assessment date, and notes.
- Submit the form to save updates and navigate back.
- compliance_framework — Values:
hipaa_it,soc2,iso27001,other. - requirement_category — Values:
access_control,data_protection,incident_response,other. - compliance_status — Values:
not_assessed,compliant,non_compliant,in_progress. - next_assessment_date — Date string stored as ISO format; displayed as date-only input (split at
T).
Related
IT Service Management
IT Service Management overview.
Governance & parity
Documentation coverage and governance.
This page documents shipped product behavior. It is not medical, legal, or
billing advice. Verify against your organization’s policies and applicable
regulations before using it for clinical, compliance, or billing decisions.
Protected health information (PHI) shown in the product is governed by your
tenant’s access controls and is never exposed in this documentation.
Documentation sources
Documentation sources
- src/routes/it.tsx
- src/cores/it/pages/security/compliance/ComplianceRequirementListPage.tsx
- src/cores/it/pages/security/compliance/NewComplianceRequirementPage.tsx
- src/cores/it/pages/security/compliance/EditComplianceRequirementPage.tsx
- src/cores/it/hooks/useComplianceRequirementMutations.ts
- src/cores/it/hooks/useComplianceRequirement.ts (via EditPage)
- src/cores/it/types/security.ts