Documentation Index
Fetch the complete documentation index at: https://docs.matproof.com/llms.txt
Use this file to discover all available pages before exploring further.
Getting Started
What frameworks does Matproof support?
Matproof currently supports: DORA, ISO 27001, SOC 2, NIS2, GDPR, CSRD, and BaFin BAIT/ZAIT. Controls are cross-mapped — evidence you collect for one framework automatically counts toward overlapping controls in others.
How long does setup take?
The setup wizard takes 15–30 minutes. Reaching meaningful compliance coverage (policies approved, vendors added, first integrations connected) takes 2–4 hours of focused work. See the Onboarding guide for the recommended order of operations.
Can I activate multiple frameworks at once?
Yes. Most customers activate 2–3 frameworks from the start. Matproof’s cross-framework control mapping means you won’t collect the same evidence twice for overlapping controls (e.g., ISO 27001 and NIS2 share many security controls).
Do I need to be a compliance expert to use Matproof?
No. Matproof is designed for teams without a dedicated compliance officer. The AI policy generator, pre-built control libraries, and step-by-step framework guides are intended to make compliance accessible for engineers, operations leads, and founders managing compliance themselves.
Controls and Evidence
Why is a control showing as “Not Started” even though I’ve done the work?
Controls only advance status when evidence is attached. Go to the control, click Add Evidence, and upload documentation, screenshots, or link an integration. Once evidence is reviewed and marked compliant, the control status updates.
How long is evidence valid?
Evidence validity depends on the control. Common expiry windows:
| Evidence Type | Typical Expiry |
|---|
| Access reviews | 90 days |
| Penetration test reports | 12 months |
| Policy acknowledgements | 12 months |
| Vendor assessments | 12 months |
| Integration-collected evidence | Continuously refreshed |
Can I bulk upload evidence?
Yes. Go to Evidence → Bulk Upload to upload multiple files at once and assign them to controls in batch.
Why is my compliance score lower than expected?
The compliance score reflects the percentage of controls in Compliant status. Controls with no evidence, expired evidence, or evidence marked as insufficient reduce the score. Go to Dashboard → Controls by status and filter by “Gap” or “Not Started” to see what’s pulling the score down.
Policies
How does AI policy generation work?
Matproof generates policies using your organization context (from Settings → Context Hub) combined with framework-specific templates. The more detail you provide in the Context Hub, the more relevant the output. Generated policies are drafts — you must review, customize, and publish them.
Can I import existing policies instead of generating new ones?
Yes. Go to Policies → Import to upload existing policy documents (PDF, Word, or Markdown). Matproof stores them and links them to the relevant controls, but AI-generated policies are generally better structured for audit purposes.
Who needs to acknowledge policies?
Policy acknowledgement requirements depend on the policy type:
- Security policies (acceptable use, clean desk) — all employees
- Role-specific policies — the relevant role holders
- Management policies — policy owner and senior management
Configure acknowledgement requirements per policy under Policies → [Policy] → Settings.
Integrations
An integration is showing errors after it was working fine — what do I do?
The most common cause is an expired OAuth token or a permission change. Go to Settings → Integrations → [Integration] → Reconnect to re-authorize. If the issue persists, check whether your account permissions in the connected tool have changed.
Why isn’t my integration collecting evidence for some controls?
Some controls require specific configuration in the connected tool, not just connection. For example, the GitHub integration cannot evidence “branch protection enabled” if branch protection was never set up in GitHub — connecting Matproof doesn’t create the protection, it reports its status.
Can I connect more than one AWS account?
Yes. Go to Settings → Integrations → AWS → Add account to connect additional accounts. Each account requires a separate cross-account IAM role.
Does Matproof store the data it collects from integrations?
Matproof stores evidence snapshots (the result of checks at a point in time) but does not continuously mirror your infrastructure data. Raw access to your connected tools is used only to run checks during the scheduled sync.
Vendors and TPRM
How do I send a vendor questionnaire?
Go to Vendors → [Vendor] → Assessments → Send Questionnaire. Select a template (DORA TPRM, SOC 2 vendor, ISO 27001 supplier) or use a custom template. The vendor receives a link — they do not need a Matproof account to respond.
A vendor hasn’t responded to our questionnaire — can I send a reminder?
Yes. Go to Vendors → [Vendor] → Assessments → [Questionnaire] → Send Reminder.
Can I import a vendor list from a spreadsheet?
Yes. Go to Vendors → Import and download the CSV template. Fill it in and upload — all vendors will be created with the data from the spreadsheet.
Auditors and Audit Preparation
How do I give my external auditor access?
Invite them via Settings → Team → Invite member with the Auditor role. They get read-only access to controls, evidence, policies, and the risk register, and land on a dedicated auditor dashboard. See Roles and Permissions for details.
Can the auditor export evidence?
Yes. Auditors can download individual evidence files and export compliance reports. They cannot create, edit, or delete any records.
Matproof supports export in PDF (for reports), Excel (for control lists, risk registers, vendor lists), and JSON (for API consumers). Go to any module and click Export.
Billing and Account
Can I change my plan?
Yes. Go to Settings → Billing to upgrade, downgrade, or cancel. Upgrades take effect immediately. Downgrades take effect at the end of the current billing period.
What happens to my data if I cancel?
Your data is retained for 30 days after cancellation and available for export. After 30 days it is deleted. Export your data before cancelling if you need to retain it.
Is there a free trial?
Yes — Matproof offers a 14-day free trial on all paid plans. No credit card required. Contact support@matproof.com if you need a trial extension for a longer evaluation.
Still stuck?
Contact us at support@matproof.com or use the in-app chat. Include your organization name and a description of the issue. For integration-specific issues, include a screenshot of the error from Settings → Integrations.
