![Adoptech-logo-GreyWithoutStrapline-1.png]](https://knowledge.adoptech.co.uk/hs-fs/hubfs/Adoptech-logo-GreyWithoutStrapline-1.png?height=39&name=Adoptech-logo-GreyWithoutStrapline-1.png){kind=logo}
Many organisations need to comply with multiple frameworks such as ISO 27001, SOC 2, DORA, NIST 800-53 and Cyber Essentials.
A common challenge is that similar requirements appear across multiple frameworks, often leading to duplicated testing and evidence collection.
Adoptech solves this problem by preserving the original requirements from each framework while reusing checks, tests and evidence where genuine overlap exists.
Without a structured approach, organisations often find themselves collecting the same evidence multiple times for different frameworks.
Adoptech solves this problem by preserving the original requirements from each framework while reusing checks, tests and evidence wherever genuine overlap exists.
This allows organisations to reduce duplication without losing visibility of the original framework requirements.
The Adoptech Compliance Model
Policies → Risks → Controls → Checks → Tests
This creates a clear and auditable path from organisational requirements through to compliance evidence.
Controls
Controls are the safeguards implemented to reduce risk and achieve policy objectives. They are often required by a framework, regulation or legislation.
Examples include:
- ISO 27001 A.8.24 – Use of Cryptography
- NIST 800-53 SC-28 – Protection of Information at Rest
Adoptech preserves these requirements exactly as they appear in the source framework
Checks
Checks define how a control is monitored or reviewed.
Examples:
- Review endpoint encryption status
- Review privileged access
- Verify vulnerability scanning is performed
Tests
Tests provide the evidence used to validate a check.
Tests can be:
- Automated (via integrations)
- Manual (performed by users)
Test results provide the evidence used to demonstrate compliance.
Understanding Controls, Checks and Tests
Why Adoptech Preserves Native Controls
Many compliance platforms create a proprietary control framework and then map standards into those controls.
While this can simplify administration, it can also make it harder to:
- Trace requirements back to their source
- Demonstrate compliance to auditors
- Maintain alignment with regulatory requirements
Adoptech takes a different approach.
We preserve the original controls from each framework and do not replace them with an Adoptech control library. This ensures organisations can demonstrate compliance directly against the requirements that apply to them
Where Evidence Reuse Happens
Adoptech reuses evidence at the Check and Test level. A single test result can provide evidence for multiple framework requirements.
The controls remain separate.
The evidence is reused.
Why This Matters
This approach helps organisations:
- Reduce duplicated effort
- Maintain alignment with source frameworks \ legislation
- Improve audit readiness
- Increase automation
- Improve traceability
Rather than managing each framework independently, organisations can reuse evidence efficiently whilst maintaining visibility of the individual requirements that apply to them.