at Openlane
Openlane now includes a unified Registry for tracking vendors, assets, and personnel.
The Registry provides a centralized source of truth for the entities that power your compliance program. Teams can document vendor relationships, associate assets with controls and frameworks, and manage personnel records, all directly connected to evidence and assessments within Openlane.
By linking vendors, systems, and people to your controls and workflows, the registry reduces duplication, improves visibility, and ensures your compliance program reflects how your organization actually operates.
Openlane now supports additional compliance frameworks: FedRAMP Moderate and ISO 42001.
Organizations operating in regulated or AI-governed environments can now map controls, track evidence, and structure programs aligned to these standards directly within Openlane.
Framework support remains modular — teams can enable only what they need and manage multiple frameworks in parallel without duplicating work.
Assessments are now available in Openlane.
Teams can create structured assessments tied to controls and frameworks, assign ownership, collect responses, and track progress over time.
Assessments help operationalize compliance work - whether you’re preparing for an audit, reviewing vendor risk, or validating internal controls. Responses are connected directly to your program, reducing duplicate work and improving visibility across stakeholders.
Today we’re launching the Openlane Trust Center.
The Trust Center gives organizations a structured, customer-facing view of their security and compliance posture. Teams can publish policies and supporting documentation, display framework attestations, and share materials with confidence.
This release includes:
- NDA-gated document access flows
- Customizable branding to match your organization
- Framework attestation displays for supported standards
The Trust Center is modular by design. Use it on its own, pair it with the Compliance Module, or integrate it into your existing workflows.
Trust should reflect real work — not static PDFs.
We’re launching Openlane’s first AI-powered workflows.
Teams can now generate draft policies and get information about controls directly within their compliance program. The goal isn’t to replace expertise and customization, it’s to remove the friction of starting from a blank page and help first-time users with a good starting point.
AI-generated content is contextual to your organization’s structure and always editable, giving you a strong starting point without sacrificing control.
Organizations can now define custom enum values across supported fields in Openlane.
This allows teams to configure status values, categories, and other structured fields to match how they already operate — without reshaping internal processes to fit predefined options.
Openlane is built to adapt to your program, not the other way around.
We’ve redesigned the Openlane homepage to give users immediate clarity when they log in.
The new experience surfaces relevant activity, open tasks, and key compliance metrics so teams can quickly see what needs attention.
The goal is simple: reduce friction and make compliance work easier to navigate.
We’re introducing the Openlane Policy Hub — a curated collection of vetted policy templates designed to help teams move faster.
Instead of starting from a blank page, organizations can now begin with practical, real-world policy foundations and adapt them to their environment.
The templates are maintained openly at https://github.com/theopenlane/policy-hub and are built to be improved collaboratively over time.
We’ve expanded Single Sign-On (SSO) support in Openlane.
In addition to existing providers — GitHub, Google Workspace, Okta, OneLogin, and Slack — organizations can now connect Microsoft Entra ID or any Generic OIDC provider.
This gives teams more flexibility to integrate Openlane with their existing identity infrastructure while maintaining centralized authentication and access controls.
Today we’re launching the Openlane Compliance Module — the foundation for building and managing a structured, sustainable compliance program.
This release introduces controls, programs, evidence tracking, framework mapping, and organizational scoping. Openlane now supports SOC 2, HIPAA, PCI DSS, ISO 27001, NIST CSF, NIST 800-53, and GDPR, allowing teams to manage one or multiple frameworks in a single, connected system without duplicating work.
The Compliance Module is built on top of Openlane’s core security and identity architecture, including:
- Authentication via SSO, social login, passkeys, and traditional credentials
- Support for SSO integrations and MFA enforcement
- Fine-grained permissions
- Group-based access controls
- and more
Compliance is ongoing work, not a point-in-time report, and this module is designed to support the real structure behind your program.
'%3e%3cg id='Final-Copy-2_2_' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st0' d='M7.4,12.8h6.8l3.1-11.6H7.4C4.2,1.2,1.6,3.8,1.6,7S4.2,12.8,7.4,12.8z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3cg id='final---dec.11-2020'%3e%3cg id='_x30_208-our-toggle' transform='translate(-1275.000000, -200.000000)'%3e%3cg id='Final-Copy-2' transform='translate(1275.000000, 200.000000)'%3e%3cpath class='st1' d='M22.6,0H7.4c-3.9,0-7,3.1-7,7s3.1,7,7,7h15.2c3.9,0,7-3.1,7-7S26.4,0,22.6,0z M1.6,7c0-3.2,2.6-5.8,5.8-5.8 h9.9l-3.1,11.6H7.4C4.2,12.8,1.6,10.2,1.6,7z'/%3e%3cpath id='x' class='st2' d='M24.6,4c0.2,0.2,0.2,0.6,0,0.8l0,0L22.5,7l2.2,2.2c0.2,0.2,0.2,0.6,0,0.8c-0.2,0.2-0.6,0.2-0.8,0 l0,0l-2.2-2.2L19.5,10c-0.2,0.2-0.6,0.2-0.8,0c-0.2-0.2-0.2-0.6,0-0.8l0,0L20.8,7l-2.2-2.2c-0.2-0.2-0.2-0.6,0-0.8 c0.2-0.2,0.6-0.2,0.8,0l0,0l2.2,2.2L23.8,4C24,3.8,24.4,3.8,24.6,4z'/%3e%3cpath id='y' class='st3' d='M12.7,4.1c0.2,0.2,0.3,0.6,0.1,0.8l0,0L8.6,9.8C8.5,9.9,8.4,10,8.3,10c-0.2,0.1-0.5,0.1-0.7-0.1l0,0 L5.4,7.7c-0.2-0.2-0.2-0.6,0-0.8c0.2-0.2,0.6-0.2,0.8,0l0,0L8,8.6l3.8-4.5C12,3.9,12.4,3.9,12.7,4.1z'/%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/g%3e%3c/svg%3e)