# Compliance

The Platform enables you to track your applications’ adherence to compliance frameworks and policies by mapping probe results directly to specific compliance requirements.

Compliance items are mapped to associated probes based on their content and relevance. If a probe test fails, the related compliance item is marked as **non-compliant**. Conversely, passing the probe test marks the item as **compliant**, contributing to the overall compliance score. To evaluate compliance more precisely, [initiate a tailored Test Run that targets specific compliance requirements](#test-your-target-against-a-specific-compliance-by-initiating-a-tailored-test-run).

On the Compliance page, you can view and explore different compliance frameworks and policies in corresponding tabs. If you don’t see a specific compliance framework or policy you need, you can always request it by clicking the **Request** button in the top-right corner.

<figure><img src="https://1029475228-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fi12bk7lo75SODuwcRCQp%2Fuploads%2FjClkjlxWBEIH77zyRFGA%2F2_compliance_frameworks.png?alt=media&#x26;token=02d61dae-1da9-4e36-9210-5f9901121104" alt=""><figcaption><p>Figure 1: Compliance Page, Frameworks Tab</p></figcaption></figure>

Each entry includes key details such as a description, reference link, and a breakdown of its individual compliance items. For each item, you can see which probes are mapped to it.

Below is an overview of the **OWASP LLM Top 10 2025**, with the **System Prompt Leakage** item expanded. This item is marked as **non-compliant** (also indicated in the left-hand item list) because the related **Context Leakage** probe run from 2025-06-23 contains failed test cases.

From this view, you can directly access the corresponding probe results for further investigation.

<figure><img src="https://1029475228-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fi12bk7lo75SODuwcRCQp%2Fuploads%2FL4J4MdgzMrR5cu1Owama%2F2_ovasp_llm_SystemPromptLeakage.png?alt=media&#x26;token=251f5d50-2ad7-4f47-a4a5-91228f92cbe4" alt=""><figcaption><p>Figure 2: Compliance Overview</p></figcaption></figure>

## Custom Policies

In addition to predefined frameworks and policies, users can define and manage **custom policies**, ideal for internal guidelines or organization-specific requirements.

To create a custom policy, navigate to the **Custom** tab on the Compliance page and click **Add Custom Policy**. This opens the [policy creation page](#custom-policies-creation-page).

## Custom Policies Creation Page

{% hint style="info" %}
Custom policies are added at the **workspace level**, meaning they are available to all targets within that workspace and are only accessible within it.
{% endhint %}

### General Information

When adding a new custom policy, you’ll need to provide general policy information:

* **Policy Name** (required) - Display name of your policy.
* **Policy Icon** - Optional icon to visually represent the policy.
* **Policy Details** - A description or overview shown when the policy is opened.
* **Policy URL** - A reference link to the full policy documentation.

<figure><img src="https://1029475228-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fi12bk7lo75SODuwcRCQp%2Fuploads%2F1LdlDocDqgvxwYgI4LXO%2F2_add_custom_policy.png?alt=media&#x26;token=492c1943-4beb-4dee-b787-f836f70d1cec" alt=""><figcaption><p>Figure 3: Custom Policy Creation</p></figcaption></figure>

### Policy Sections and Items

After inserting general information, you'll define the **sections and items** that make up the policy. These items represent compliance rules or requirements that must be met, for example, before a system can be considered production-ready.

Each item must belong to a section. To create a section, click the **Add Section** button, enter a section name, and click **Save Section**. After the first section is added, you can start entering your compliance items.

<figure><img src="https://1029475228-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fi12bk7lo75SODuwcRCQp%2Fuploads%2FwSN89CO2EY3nwpXbyF1s%2F2_custom_policy_2.png?alt=media&#x26;token=d9b897fb-7fab-47ef-8e9d-3f412268eb1e" alt=""><figcaption><p>Figure 4: Policy Sections And Items</p></figcaption></figure>

Each item includes:

* **Item Title** (required) - The name of the compliance item.
* **Item Description** - Description of the item’s intent or scope.
* **Item ID** (required) - A unique identifier within the Platform.
* **Item URL** - External link to detailed documentation.
* **Mapped Probes** - A list of probes that determine compliance status for this item.

Items are added by clicking **Save Item**.

A policy must have at least one section and one item before it can be saved. The new policy is then saved by clicking **Save Policy**.

<figure><img src="https://1029475228-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2Fi12bk7lo75SODuwcRCQp%2Fuploads%2FwFIZcdPs3SjL4wutw0Nc%2F2_custom_policy.png?alt=media&#x26;token=9976c95d-29ad-4b28-aa38-0231dbd7bcdb" alt=""><figcaption><p>Figure 5: Saved Custom Policy</p></figcaption></figure>

Once created, custom policies can be accessed from the **Compliance** page under the **Custom** tab, where they can also be updated or exported as JSON.

They are also managed through the **Policies** section in the **Workspaces Overview** under **Organization Settings**.

{% hint style="info" %}
Exported custom policies can also be imported as JSON files on the **Add Custom Policy** page, allowing for easier sharing and reuse across different workspaces.
{% endhint %}

## Test your Target against a specific Compliance by initiating a tailored Test Run

The Platform can initiate a tailored Test Run directly from the Compliance page, making it easier to verify whether your Target adheres to a specific compliance framework or policy.

When starting a Test Run for a selected compliance:

* Probes mapped to the chosen compliance are automatically pre-selected, ensuring the test is accurately tailored to the compliance requirements.
* A name for the Test Run is automatically generated for clarity and consistency.

This feature simplifies the testing process by automating probe selection and ensuring that only relevant probes are used to assess compliance, saving time and effort.

{% hint style="info" %}
If this is your first Test Run, make sure to review and complete all the [**Test Run prerequisites**](https://docs.probe.splx.ai/ai-red-teaming/test-run#starting-a-test-run).
{% endhint %}

{% hint style="warning" %}
Probes are pre-mapped to specific compliance items, allowing the Platform to automatically pre-select the relevant probes for a Test Run. **However, probes must be manually configured** on the [**Probe Settings**](https://docs.probe.splx.ai/ai-red-teaming/probe/probe-configuration) page.

**Only configured probes will be displayed and pre-selected when initiating a Test Run from the Compliance page**.
{% endhint %}

To initiate a tailored Test Run:

1. Navigate to the [**Compliance**](https://docs.probe.splx.ai/ai-red-teaming/probe/compliance) page and select the desired compliance framework or policy.
2. Click the **Test for compliance** button located in the top-right corner.
3. The system will automatically assign a Test Run name and pre-select the associated probes.
4. Review the selected probes if needed and click **Run Test** to begin the test.

The results of the Test Run will provide detailed insights into whether your target meets the standards of the chosen compliance framework.

For more information or assistance regarding Test Runs, refer to the [**Test Run**](https://docs.probe.splx.ai/ai-red-teaming/probe/test-run) section.
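The mapping rule from the top of this page (a failed probe marks the item non-compliant, a passing probe marks it compliant) combined with the configured-probes warning above, as an added example that is not Platform code. The data shapes, item IDs, and every item and probe name other than System Prompt Leakage and Context Leakage are constructed; the `unassessed` status for items whose mapped probes produced no result is an assumption of this sketch, not documented Platform behavior.

```python
from dataclasses import dataclass


@dataclass
class Item:
    item_id: str
    title: str
    mapped_probes: list


def unconfigured_probes(items, configured):
    """Map item_id -> mapped probes that are not configured, so never pre-selected."""
    gaps = {}
    for item in items:
        missing = [p for p in item.mapped_probes if p not in configured]
        if missing:
            gaps[item.item_id] = missing
    return gaps


def evaluate(items, probe_passed, configured):
    """probe_passed: probe name -> True if its run had no failed test cases."""
    statuses = {}
    for item in items:
        results = [probe_passed[p] for p in item.mapped_probes
                   if p in configured and p in probe_passed]
        if False in results:
            statuses[item.item_id] = "non-compliant"
        elif results and len(results) == len(item.mapped_probes):
            statuses[item.item_id] = "compliant"
        else:
            # Assumption: missing evidence is never counted as a pass.
            statuses[item.item_id] = "unassessed"
    return statuses


# Constructed sample data; only the first item/probe pair appears on this page.
ITEMS = [
    Item("ITEM-1", "System Prompt Leakage", ["Context Leakage"]),
    Item("ITEM-2", "Constructed item A", ["Probe B"]),
    Item("ITEM-3", "Constructed item B", ["Probe B", "Probe C"]),
    Item("ITEM-4", "Constructed item C", []),
]
CONFIGURED = {"Context Leakage", "Probe B"}
PROBE_PASSED = {"Context Leakage": False, "Probe B": True}

if __name__ == "__main__":
    print(evaluate(ITEMS, PROBE_PASSED, CONFIGURED))
    print(unconfigured_probes(ITEMS, CONFIGURED))
```

Running a check like `unconfigured_probes` against an exported policy before a tailored Test Run shows which items would be left without evidence because their probes were never configured.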
