Setting Up Your Account

Configure your CloudAnzen workspace, invite the right people, choose roles, and avoid common first-week setup mistakes.

Your CloudAnzen account becomes the system of record for compliance work, so it is worth setting it up intentionally. A clean setup makes it easier to assign ownership, connect evidence, onboard auditors, and keep customer-facing trust materials accurate.

Before You Start

Gather a few details before creating your workspace:

  • Legal company name and common customer-facing name.
  • Primary industry and region.
  • Target framework or audit objective, such as ISO 42001, SOC 2 Type I, SOC 2 Type II, ISO 27001, HIPAA, or customer security review readiness.
  • Core systems to connect first, such as AWS, Google Workspace, GitHub, Jira, Slack, MDM, or ticketing.
  • Names of the people who own security, engineering, HR, IT, legal, vendor management, and compliance.

Step 1: Create Your Organization Profile

After signing up, create your organization profile. Enter your company name, industry, approximate team size, and primary compliance objective. This information helps CloudAnzen tailor framework suggestions, onboarding tasks, and operating defaults.

Use the name your customers and auditors recognize. If your legal entity name differs from your product brand, use the customer-facing name in the workspace and keep legal details in policy and audit documents.

Step 2: Configure Your Profile

Set your name, role, timezone, and notification preferences. These details affect assignment notifications, Todo views, audit collaboration, and reminders.

For the first admin user, choose a durable account owned by someone who can manage users and integrations. Avoid making a temporary contractor or test account the only admin.

Step 3: Invite the Core Team

Navigate to Settings -> Team to invite colleagues. Start with the small group required to make progress:

  • Security or compliance lead.
  • Infrastructure owner.
  • Identity or IT owner.
  • Engineering manager or platform owner.
  • HR or people operations owner if personnel controls apply.
  • Legal or operations owner for policies and vendors.
  • Executive sponsor if you need dashboard visibility or approvals.

Step 4: Choose Roles Carefully

Assign roles based on day-to-day responsibility, not job title alone.

Role               | Best for                                   | Typical work
-------------------|--------------------------------------------|-------------------------------------------------------------------
Owner              | Company administrator or founder           | Billing, organization-level settings, critical access decisions
Admin              | Security or compliance lead                | Team settings, integrations, frameworks, controls, and reports
Compliance Manager | GRC operator or security program owner     | Controls, evidence, policies, vendors, risks, and audits
Contributor        | Engineering, IT, HR, or operations owner   | Completing assigned tasks, uploading evidence, responding to requests
Viewer             | Executives, auditors, or observers         | Reviewing dashboards, reports, and shared audit materials

Step 5: Connect Your First Systems

Head to Settings -> Integrations and connect the systems that will produce the most evidence. For most SaaS teams, this means:

  • Cloud provider: AWS, GCP, or Azure.
  • Identity provider: Google Workspace, Okta, Microsoft Entra ID, or similar.
  • Code hosting: GitHub, GitLab, or Bitbucket.
  • Device or MDM source: Fleet, Kandji, Jamf, Intune, or equivalent.
  • Ticketing or change management: Jira, Linear, ServiceNow, or similar.

Start with two or three high-value integrations. A smaller complete setup is better than connecting every tool before owners are ready to review the results.

Step 6: Choose Your Framework

Select one or more compliance frameworks from the Frameworks section. CloudAnzen maps relevant controls and helps you see what is already covered by existing evidence.

If you are unsure where to start:

  • Choose ISO 42001 if you build, provide, or heavily use AI systems and need to prove AI governance.
  • Choose SOC 2 if customers are asking for a SOC 2 report.
  • Choose ISO 27001 if you sell globally or need a formal information security management system.
  • Choose HIPAA if you handle protected health information.
  • Choose GDPR if you process EU personal data.
  • Choose NIST CSF if you need a flexible security maturity baseline.

Step 7: Set Your Operating Defaults

Before assigning lots of work, configure these defaults:

  • Notification preferences for admins and contributors.
  • Evidence review cadence.
  • Policy review cadence.
  • Vendor review cadence.
  • Risk severity and due-date expectations.
  • Integration sync expectations.

Common Setup Mistakes to Avoid

  • Inviting everyone before you have clear owners.
  • Connecting many integrations without assigning someone to review the findings.
  • Activating too many frameworks at once.
  • Treating Viewer users as task owners.
  • Leaving controls unassigned after framework activation.
  • Uploading evidence without linking it to the right control or request.

What Good Setup Looks Like

By the end of setup, you should be able to answer:

  • Which framework are we working toward first?
  • Who owns each major control area?
  • Which systems are connected for automated evidence?
  • Which evidence must be uploaded manually?
  • Where will team members see their assigned work?
  • How often will we review open gaps?