Compliance Programs

Compliance programs are the foundation of GovernLayer's GRC hub. Create a program, select frameworks, and GovernLayer automatically maps controls, tracks evidence, manages policies, and calculates readiness scores.

The program model

Properties

Name
id
Type
string
Description
Unique identifier for the compliance program.
Name
name
Type
string
Description
Program name (e.g., "SOC 2 Type II 2026").
Name
frameworks
Type
array
Description
List of compliance frameworks included in this program.
Name
status
Type
string
Description
Program status: draft, active, audit_ready, completed.
Name
readiness_score
Type
float
Description
Overall readiness percentage (0-100).
Name
controls_total
Type
integer
Description
Total number of controls mapped.
Name
controls_implemented
Type
integer
Description
Number of controls with status implemented.
Name
created_at
Type
string
Description
ISO 8601 timestamp.

POST/v1/programs

Create a program

Create a new compliance program. GovernLayer automatically generates the control mappings for the selected frameworks.

Required attributes

Name
name
Type
string
Description
Program name.
Name
frameworks
Type
array
Description
List of framework codes: SOC2, GDPR, ISO27001, EU_AI_ACT, HIPAA, NIST_AI_RMF, NIST_CSF, ISO42001, PCI_DSS, CCPA, NIS2, DORA, DSA, DMA.

Request

POST

/v1/programs

curl -X POST https://api.governlayer.ai/v1/programs \
  -H "X-API-Key: gl_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "SOC 2 + GDPR Readiness 2026",
    "frameworks": ["SOC2", "GDPR"]
  }'

Response

{
  "id": "prog_abc123",
  "name": "SOC 2 + GDPR Readiness 2026",
  "frameworks": ["SOC2", "GDPR"],
  "status": "draft",
  "readiness_score": 0,
  "controls_total": 47,
  "controls_implemented": 0,
  "created_at": "2026-04-25T14:00:00Z"
}

GET/v1/programs

List programs

Retrieve all compliance programs for your organization.

Request

GET

/v1/programs

curl https://api.governlayer.ai/v1/programs \
  -H "X-API-Key: gl_your_api_key_here"

Response

{
  "data": [
    {
      "id": "prog_abc123",
      "name": "SOC 2 + GDPR Readiness 2026",
      "frameworks": ["SOC2", "GDPR"],
      "status": "active",
      "readiness_score": 78.5,
      "controls_total": 47,
      "controls_implemented": 37
    }
  ]
}

GET/v1/programs/:id/controls

Get program controls

Retrieve all controls for a compliance program, with optional filtering.

Optional parameters

Name
status
Type
string
Description
Filter by status: implemented, in_progress, not_started, gap.
Name
framework
Type
string
Description
Filter by framework code.

Request

GET

/v1/programs/prog_abc123/controls

curl -G https://api.governlayer.ai/v1/programs/prog_abc123/controls \
  -H "X-API-Key: gl_your_api_key_here" \
  -d status=gap

Response

{
  "data": [
    {
      "id": "ctrl_001",
      "framework": "SOC2",
      "control_id": "CC7.2",
      "title": "System Monitoring",
      "description": "The entity monitors system components for anomalies.",
      "status": "gap",
      "owner": null,
      "evidence_count": 0,
      "last_reviewed": null
    }
  ]
}

PUT/v1/programs/:id/controls/:control_id

Update control status

Update a control's status, owner, or review date for remediation tracking.

Optional attributes

Name
status
Type
string
Description
New status: implemented, in_progress, not_started, gap.
Name
owner
Type
string
Description
Person responsible for this control.

Request

PUT

/v1/programs/prog_abc123/controls/ctrl_001

curl -X PUT https://api.governlayer.ai/v1/programs/prog_abc123/controls/ctrl_001 \
  -H "X-API-Key: gl_your_api_key_here" \
  -H "Content-Type: application/json" \
  -d '{"status": "in_progress", "owner": "security-team"}'

Response

{
  "id": "ctrl_001",
  "status": "in_progress",
  "owner": "security-team",
  "last_reviewed": "2026-04-25T15:00:00Z"
}