Product
Most GRC platforms ask you to copy your riskiest data — your risk register, your audit findings, your control gaps — into someone else's SaaS. Checkpoint doesn't. Every record is a SharePoint list in your own Microsoft 365 tenant; posture checks read your live Entra, Intune and Defender signals via Microsoft Graph and never leave your browser.
The demo runs entirely in your browser with sample data — nothing to install, nothing sent anywhere.
Checkpoint has no backend and no database. It's a static web app that signs you in with your own Microsoft account, reads your tenant's security posture read-only, and stores every register as SharePoint lists you already own, govern and back up.
Risks, actions, controls, evidence, audit trails — all SharePoint lists in your tenant, inheriting your permissions, retention and versioning. Off-boarding us costs you nothing: the data was always yours.
Sign-in requests read-only Microsoft Graph access. MFA coverage, Conditional Access, PIM usage, guest accounts, device compliance, risky OAuth grants and Secure Score — measured live, never guessed from a spreadsheet.
Every scan exports the raw Graph data behind each check as timestamped, SHA-256-hashed JSON into your document library, auto-linked to the controls it satisfies. When the auditor asks "prove it", it's already filed.
Seven frameworks, cross-mapped so shared evidence is never duplicated: ISO 27001, SOC 2, Essential Eight, ISO 42001, ISO 27701, DISP/IRAP and NIST CSF.
22 automated checks against your live tenant, with configurable thresholds and an optional in-tenant scheduled monitor that flags regressions daily — no one needs to remember to re-scan.
Per-framework control sets with applicability, status, ownership, verification dates and evidence links — the document your auditor opens first, always current.
Scan findings propose risks; approving one creates the treatment actions; completing actions recalculates residual risk. The audit trail builds itself.
Record exactly what data each vendor touches — health information, customer PII, credentials, production access — get a suggested criticality, send questionnaires, and feed review dates into the compliance calendar.
An AI systems register with EU AI Act risk tiers and impact assessments — plus automated discovery that spots Copilot, OpenAI and other AI apps already consented to in your tenant.
Internal audit programme, management review records, a compliance calendar and an append-only audit log — ISO 27001 clauses 9.2 and 9.3 satisfied continuously, not assembled the week before audit.
SoA export, audit readiness report, executive summary, management review pack — plus a shareable Trust Center page and a time-boxed Auditor Pack your certifier can open without a licence.
A live, presentation-ready summary — pull it up in the board meeting instead of screenshotting dashboards into slides the night before.
Sign-in requests read-only scopes. Write access to your SharePoint is requested separately, the first time it's needed — and an admin consents to each step explicitly.
Strict Content-Security-Policy, no CDN dependencies, content-hashed assets with subresource integrity, and a tamper-evident append-only audit log.
Every register change is versioned by your own SharePoint, every material action is written to the audit log, and every scan's raw evidence is hashed and filed.
Explore the demo in two clicks, or book a 30-minute walkthrough and we'll run a read-only posture scan against your real tenant — you'll leave with your actual gaps, not a sales deck.
Hi! I’m the Compliance365 AI. I can help you work out which security or privacy framework you need, explain what’s involved, and answer questions about ISO 27001, SOC 2, Essential Eight, and more.
What can I help you with today?