Getting Started

Understanding Compliance in Standards

Compliance health tells you whether your site is meeting its adopted programme obligations. For active standards, the system evaluates each requirement against linked evidence, role assignments, and attestations, then gives the programme an overall health label. For adopting standards, the system tracks readiness instead, showing which requirements are configured and which still need setup.

Why compliance health matters

Compliance health gives site managers and compliance officers a quick, single view of whether a standard is on track or needs attention. Instead of checking every requirement individually, the health label rolls up all requirement statuses into one of three states: On Track, At Risk, or Critical. These labels appear on the standard card in the Our Standards list and in the progress summary on the standard detail page.

How compliance is graded

When a standard is adopted, the site manager chooses how the overall health label is calculated. There are two methods:

Worst wins

In Worst wins mode, the programme is graded by its most severe requirement:

  • Critical if any requirement is strictly non-compliant.

  • At Risk if no requirement is non-compliant, but at least one is being remediated or has a warning.

  • On Track when everything is compliant or has no gaps.

This mode is useful when a single gap can invalidate the whole programme, such as a mandatory health-and-safety requirement where every item must be met.

Percentage thresholds

In Percentage thresholds mode, the programme is graded from its overall compliant percentage using configurable bands. The default bands are 90% for On Track and 70% for At Risk.

  • On Track when at least 90% of in-scope requirements are compliant.

  • At Risk when 70% to 89% are compliant.

  • Critical when fewer than 70% are compliant.

This mode is useful when a programme has many requirements and partial compliance is acceptable as long as the overall score stays above a minimum level.

Reading the active standard summary

When a standard is active, its detail page shows a compliance ring and a set of summary metrics:

  • Non Compliant β€” the count of requirements that are currently non-compliant. These are outstanding obligations that need to be addressed.

  • Remediating β€” the count of requirements that have been flagged as being worked on. A manager or admin can mark a non-compliant requirement as remediating to indicate that remediation is in progress. This is a manual flag, not a change to the underlying compliance status.

  • Out of Scope β€” the count of requirements that have been excluded from the programme. These requirements do not contribute to the compliance percentage or the health label.

The compliance ring shows the percentage of in-scope requirements that are currently compliant, so you can see at a glance how close the programme is to full compliance.

Reading the adopting standard summary

When a standard is still in the Adopting state, the detail page shows a readiness ring and a different set of metrics:

  • Setup Gaps β€” requirements that still need attention before the programme can be activated.

  • Not Started β€” requirements that have not yet been configured.

  • In Progress β€” requirements that are partially configured.

  • Ready β€” requirements that are fully configured and will participate in compliance once the programme is activated.

The standard cannot be activated until every requirement is in the Ready state.

Requirement-level statuses

Each trackable requirement in an active standard has its own compliance status. The system evaluates evidence, roles, and attestation to determine:

  • Compliant β€” all checks pass. Evidence is present, roles are assigned, attestations are current, and there are no operational health gaps.

  • Non-compliant β€” at least one compliance gap remains. This is a system-derived state, not a manual choice.

  • Remediating β€” a manager or admin has manually flagged a non-compliant requirement as being worked on. The underlying status stays non-compliant, but the programme summary counts it as remediating until the issue is resolved or the flag is cleared.

Requirements that are Out of Scope do not receive a compliance status and do not participate in scoring.

What to do when a standard is at risk or critical

When a standard shows At Risk or Critical, open the standard detail page and review the requirement tree. The tree shows which requirements are non-compliant and what type of gap is causing itβ€”missing evidence, unassigned roles, or overdue attestation. Address the gaps in order of severity to bring the standard back to On Track.

If a non-compliant requirement is actively being fixed, you can mark it as Remediating so the programme summary reflects that work is in progress. Remember to clear the remediating flag once the requirement is actually compliant.

Force-override

In exceptional situations, an admin can override the derived compliance status of a requirement. This is used only when the site genuinely cannot meet a requirement but needs to record it as compliant for scoring purposes, or when a mandatory requirement must be forced out of scope. Both actions require a written justification and are recorded in the audit trail. The underlying gap details remain visible to administrators even after an override.

For the broader model and how standards move through their lifecycle, see the Standards Overview. For the site-level dashboards and card views, see the Standards Dashboards and Site Home. If you need to adopt or configure a standard, see the Adopt a Standard at This Site and Configure Standard Requirements.

For step-by-step instructions on marking and clearing a requirement as remediating, see Mark a requirement as remediating.

For step-by-step instructions on marking a requirement as in scope or out of scope, see Mark a requirement as in scope or out of scope.

Was this helpful?