Free Tool · No Signup Required

Framework Coverage Calculator

Pick the frameworks you need. We'll tell you exactly which PolicySuite packs cover them, with live pricing. Takes 2 minutes.

🗂️ 10 frameworks supported ⏱️ ~2 minutes 💷 Live pricing from our DB
0 of 4 answered

1. Which frameworks do you need to cover?

Quick answer. Tick every framework you are targeting or being asked about — UK and EU GDPR, ISO/IEC 27001:2022, SOC 2, Cyber Essentials and others. Selecting several is normal: most buyers face two or three at once, and a single policy often satisfies controls in more than one framework.

Tick every framework that applies. You can pick one or many — we'll find the packs that cover all of them.

Select frameworks

2. Tell us about your organisation (optional)

Quick answer. Company size, industry and jurisdiction do not change what a framework requires, but they change which pack is the best starting point — a ten-person SaaS firm and a regulated financial services business need different depth for the same control set. Skip this step for a generic mapping.

This doesn't change what's required — it just helps us prioritise which pack is the best starting point for you.

Company size
Industry
Primary jurisdiction
£0
TOTAL INVESTMENT

Coverage summary

Quick answer. The summary shows how far the recommended packs cover each framework you selected, plus the one-off total. Because frameworks overlap — ISO/IEC 27001:2022, SOC 2 and Cyber Essentials share many control themes — covering one framework typically moves the others forward too.

Recommended policy packs

Quick answer. Packs are sorted by how many of your selected frameworks each one covers, with live pricing. Each generates the written policies those frameworks expect — mapped to the relevant control set, for example ISO/IEC 27001:2022 Annex A — rather than one generic template per topic.

Sorted by how many of your selected frameworks each pack covers. Pricing is live from our pricing engine.

Questions about this tool

Quick answer. Short answers on what the coverage tool does and does not include. It maps the policy documentation layer only — technical controls, evidence collection and audit preparation sit outside its scope, and the framework standards themselves remain the definitive sources.

Does this cover everything I need for my audit?

The packs provide the policy documentation layer. Technical controls, evidence collection and audit prep need additional tools — see our comparison pages for how PolicySuite pairs with evidence platforms.

Can I buy just the packs I need?

Yes. Each pack is a one-off purchase; no subscription required. You can also contact sales for an unlimited organisational licence if you need ongoing updates across many frameworks.

What if my framework isn't listed?

We cover 197 frameworks in total; this calculator only shows the top 10. Contact us with your specific framework and we'll point you to the right pack.

How the Framework Coverage tool works

Quick answer. The Framework Coverage tool maps a candidate policy estate to ISO 27001:2022, NIST CSF 2.0, SOC 2 TSC, Cyber Essentials and UK GDPR control sets, then highlights gaps. It is a static, free-to-use tool — no account, no email gate. Bespoke generation typically replaces a £5,000–£15,000 consultancy engagement with a one-off £400 pack — a 12× to 38× cost reduction with the same audit-readiness.

References and primary sources

Quick answer. The guidance above is cross-referenced against the primary-source documents below. Each link resolves to an official regulator or standards-body publication so the chain stays intact end-to-end.

The documents that survive enterprise vendor review and regulator scrutiny cite their primary sources clause by clause. Many UK SMEs first discover a policy gap when a buyer’s legal team challenges a generic phrase — for example, a citation to guidance that has since been revised. Checking each policy against the sources above closes that gap before someone else finds it.