Setting Up Your Account
Your CloudAnzen account becomes the system of record for compliance work, so it is worth setting it up intentionally. A clean setup makes it easier to assign ownership, connect evidence, onboard auditors, and keep customer-facing trust materials accurate.
Before You Start
Gather a few details before creating your workspace:
- Legal company name and common customer-facing name.
- Primary industry and region.
- Target framework or audit objective, such as ISO 42001, SOC 2 Type I, SOC 2 Type II, ISO 27001, HIPAA, or customer security review readiness.
- Core systems to connect first, such as AWS, Google Workspace, GitHub, Jira, Slack, MDM, or ticketing.
- Names of the people who own security, engineering, HR, IT, legal, vendor management, and compliance.
Step 1: Create Your Organization Profile
After signing up, create your organization profile. Enter your company name, industry, approximate team size, and primary compliance objective. This information helps CloudAnzen tailor framework suggestions, onboarding tasks, and operating defaults.
Use the name your customers and auditors recognize. If your legal entity name differs from your product brand, use the customer-facing name in the workspace and keep legal details in policy and audit documents.
Step 2: Configure Your Profile
Set your name, role, timezone, and notification preferences. These details affect assignment notifications, Todo views, audit collaboration, and reminders.
For the first admin user, choose a durable account owned by someone who can manage users and integrations. Avoid making a temporary contractor or test account the only admin.
Step 3: Invite the Core Team
Navigate to Settings -> Team to invite colleagues. Start with the small group required to make progress:
- Security or compliance lead.
- Infrastructure owner.
- Identity or IT owner.
- Engineering manager or platform owner.
- HR or people operations owner if personnel controls apply.
- Legal or operations owner for policies and vendors.
- Executive sponsor if you need dashboard visibility or approvals.
Step 4: Choose Roles Carefully
Assign roles based on day-to-day responsibility, not job title alone.
| Role | Best for | Typical work |
|---|---|---|
| Owner | Company administrator or founder | Billing, organization-level settings, critical access decisions |
| Admin | Security or compliance lead | Team settings, integrations, frameworks, controls, and reports |
| Compliance Manager | GRC operator or security program owner | Controls, evidence, policies, vendors, risks, and audits |
| Contributor | Engineering, IT, HR, or operations owner | Completing assigned tasks, uploading evidence, responding to requests |
| Viewer | Executives, auditors, or observers | Reviewing dashboards, reports, and shared audit materials |
Step 5: Connect Your First Systems
Head to Settings -> Integrations and connect the systems that will produce the most evidence. For most SaaS teams, this means:
- Cloud provider: AWS, GCP, or Azure.
- Identity provider: Google Workspace, Okta, Microsoft Entra ID, or similar.
- Code hosting: GitHub, GitLab, or Bitbucket.
- Device or MDM source: Fleet, Kandji, Jamf, Intune, or equivalent.
- Ticketing or change management: Jira, Linear, ServiceNow, or similar.
Step 6: Choose Your Framework
Select one or more compliance frameworks from the Frameworks section. CloudAnzen maps relevant controls and helps you see what is already covered by existing evidence.
If you are unsure where to start:
- Choose ISO 42001 if you build, provide, or heavily use AI systems and need to prove AI governance.
- Choose SOC 2 if customers are asking for a SOC 2 report.
- Choose ISO 27001 if you sell globally or need a formal information security management system.
- Choose HIPAA if you handle protected health information.
- Choose GDPR if you process EU personal data.
- Choose NIST CSF if you need a flexible security maturity baseline.
Step 7: Set Your Operating Defaults
Before assigning lots of work, configure these defaults:
- Notification preferences for admins and contributors.
- Evidence review cadence.
- Policy review cadence.
- Vendor review cadence.
- Risk severity and due-date expectations.
- Integration sync expectations.
Common Setup Mistakes to Avoid
- Inviting everyone before you have clear owners.
- Connecting many integrations without assigning someone to review the findings.
- Activating too many frameworks at once.
- Treating Viewer users as task owners.
- Leaving controls unassigned after framework activation.
- Uploading evidence without linking it to the right control or request.
What Good Setup Looks Like
By the end of setup, you should be able to answer:
- Which framework are we working toward first?
- Who owns each major control area?
- Which systems are connected for automated evidence?
- Which evidence must be uploaded manually?
- Where will team members see their assigned work?
- How often will we review open gaps?