Closing the Gap Between Compliance and Assurance
Cyber-Physical Assurance Platform (C-PAP) delivers structured, evidence-led assurance across IT, OT, and converged environments — unified under a single canonical control model.
Three Operating Contexts. One Assurance Model.
Whether your organisation operates in IT, OT, or converged environments, C-PAP provides a consistent assurance framework tailored to your operating context.
IT Compliance
Structured assurance for enterprise IT environments, aligned to ISO/IEC 27001, Cyber Essentials, and regulatory expectations across governance, risk, and information security.
OT/ICS Security
Purpose-built assurance for operational technology and industrial control systems, mapped to IEC 62443, NCSC CAF, and sector-specific safety and availability requirements.
Converged Assurance
Unified IT/OT assurance for organisations managing both enterprise and operational technology domains under a single governance and reporting model.
Platform Capabilities
C-PAP brings together control mapping, assessment, reporting, and governance into a coherent assurance platform — built for practitioners, defensible for regulators.
Canonical Control Model
418 controls across 17 domains, cross-mapped to 85+ frameworks. Assess once, demonstrate compliance across multiple regulatory obligations.
Assessment Engine
Structured maturity assessment with five capability levels, weighted scoring, and evidence-based evaluation across mandatory and overlay domains.
Reporting & Analytics
27 report templates across four groups, delivering executive summaries, compliance dashboards, domain deep-dives, and risk treatment analysis.
Framework Coverage
Cross-mapped to ISO/IEC 27001, IEC 62443, NCSC CAF, NIST CSF 2.0, NIS2, and further sector-specific frameworks — with full traceability to CCM controls.
AI Governance
Integrated AI risk and governance controls aligned to ISO/IEC 42001, enabling organisations to manage AI assurance alongside broader cyber-physical security obligations.
Technical Architecture
Modular five-part architecture designed for deployment across enterprise, industrial, and converged environments with clear integration points.
AI-Enabled Platform Capabilities
C-PAP integrates AI capabilities across three maturity tiers — accelerating analysis, improving consistency, and augmenting professional judgement with human oversight at every stage.
Tier 1 — Core Intelligence
Automated gap analysis across mapped frameworks, natural language querying of the control model and evidence base, and intelligent evidence triage that identifies relevance and currency issues. Available across all deployment models.
Tier 2 — Analytical Depth
Regulatory change monitoring that tracks framework updates and flags control impact. AI-generated assessment reports with human-in-the-loop review, reducing reporting effort whilst maintaining professional accountability.
Tier 3 — Strategic Insight
Threat-informed control prioritisation using MITRE ATT&CK and D3FEND mapping. Maturity trend analysis with predictive modelling to support strategic investment and resource allocation decisions.
Ready to Unify Your Assurance?
Request a briefing to see how C-PAP can support your organisation's compliance and assurance objectives.