Framework Coverage Calculator
Pick the frameworks you need. We'll tell you exactly which PolicySuite packs cover them, with live pricing. Takes 2 minutes.
Coverage summary
Quick answer. The summary shows how far the recommended packs cover each framework you selected, plus the one-off total. Because frameworks overlap — ISO/IEC 27001:2022, SOC 2 and Cyber Essentials share many control themes — covering one framework typically moves the others forward too.
Recommended policy packs
Quick answer. Packs are sorted by how many of your selected frameworks each one covers, with live pricing. Each generates the written policies those frameworks expect — mapped to the relevant control set, for example ISO/IEC 27001:2022 Annex A — rather than one generic template per topic.
Sorted by how many of your selected frameworks each pack covers. Pricing is live from our pricing engine.
📄 Get the full PDF coverage report
A framework-by-framework breakdown with exactly which pack covers which requirement, plus total cost. Sent straight to your inbox.
Questions about this tool
Quick answer. Short answers on what the coverage tool does and does not include. It maps the policy documentation layer only — technical controls, evidence collection and audit preparation sit outside its scope, and the framework standards themselves remain the definitive sources.
Does this cover everything I need for my audit?
The packs provide the policy documentation layer. Technical controls, evidence collection and audit prep need additional tools — see our comparison pages for how PolicySuite pairs with evidence platforms.
Can I buy just the packs I need?
Yes. Each pack is a one-off purchase; no subscription required. You can also contact sales for an unlimited organisational licence if you need ongoing updates across many frameworks.
What if my framework isn't listed?
We cover 197 frameworks in total; this calculator only shows the top 10. Contact us with your specific framework and we'll point you to the right pack.
How the Framework Coverage tool works
Quick answer. The Framework Coverage tool maps a candidate policy estate to ISO 27001:2022, NIST CSF 2.0, SOC 2 TSC, Cyber Essentials and UK GDPR control sets, then highlights gaps. It is a static, free-to-use tool — no account, no email gate. Bespoke generation typically replaces a £5,000–£15,000 consultancy engagement with a one-off £400 pack — a 12× to 38× cost reduction with the same audit-readiness.
References and primary sources
Quick answer. The guidance above is cross-referenced against the primary-source documents below. Each link resolves to an official regulator or standards-body publication so the chain stays intact end-to-end.
- ISO/IEC 27001:2022 — the international information-security standard most policy frameworks map to.
- NIST Cybersecurity Framework 2.0 — the GOVERN-extended framework cross-walked to ISO and SOC 2.
- ICO accountability framework — UK regulator practical guidance for personal-data handling.
- NCSC Cyber Essentials — UK government cyber baseline for security policies.
- legislation.gov.uk — official UK statute referenced inside policy text.
The documents that survive enterprise vendor review and regulator scrutiny cite their primary sources clause by clause. Many UK SMEs first discover a policy gap when a buyer’s legal team challenges a generic phrase — for example, a citation to guidance that has since been revised. Checking each policy against the sources above closes that gap before someone else finds it.