The only operations playbook that doesn't just document rules — it enforces them.
Most compliance tools document your rules. FirstParty enforces them — with real-time status tracking, automated alerts, and an audit trail built for regulators.
28 pre-built compliance rules with live status tracking. Know your compliance score at any moment — not just at audit time. Statuses update in real time as your team works.
Violations trigger immediate alerts. Team members acknowledge with one click — creating a dated, auditable record of every compliance action taken.
Every status change, acknowledgment, and review is logged automatically. Generate shareable compliance reports for auditors and regulators in seconds — no login required on their end.
Admin, Compliance Officer, and Viewer roles out of the box. Control exactly who can update rules, acknowledge alerts, or view sensitive compliance data.
Start with 28 pre-built rules for regulated industries. Mark N/A, set priorities, add custom rules for your firm.
Every rule is tracked in real time. Your live compliance score updates as your team works through the playbook.
When a rule falls out of compliance, alerts fire immediately. One-click acknowledgment creates a timestamped record.
Generate read-only compliance reports with a single link. Auditors and regulators need no login to view them.
Start free. No credit card required. Upgrade when you need more seats or custom rules.
Every rule ships active. Click a rule to see its implementation guidance.
Create your account and start tracking compliance today.
Track your compliance across all 28 rules.
Complete record of all compliance actions taken by your team. Required for regulatory compliance.
Personalize your compliance playbook to fit your business.
Every rule in the 28-rule playbook applies by default. If a rule doesn't apply to your business — for example, a law firm doesn't need the same rules as a SaaS startup — you can mark it as Not Applicable from the Dashboard.
N/A rules are excluded from your compliance score and hidden from the active tracker. You can set a custom priority (Low / Medium / High / Critical) for any rule that needs special attention.
Get notified about compliance events even when you're not logged in.
Push compliance events to Slack, Teams, or any HTTP endpoint in real-time.
compliance.status_changed
compliance.alert_created
compliance.scan_completed
compliance.escalation
compliance.score_changed
compliance.remediation_created
compliance.remediation_resolved
Programmatic access for CI/CD pipelines, SIEM integrations, and automated reporting.
GET /api/v1/score
GET /api/v1/compliance
GET /api/v1/rules
GET /api/v1/audit
Authorization: Bearer fp_...
Manage team members and their access levels.
Manage your subscription. Upgrade to unlock exports, team management, and public compliance reports.
Product usage and engagement metrics.
Stored in sessionStorage only. Set ADMIN_SECRET env var on the server.
Define compliance rules specific to your business. Custom rules participate in scoring, alerts, and scans alongside the 28 pre-built rules.
Automatically email compliance reports to stakeholders on a weekly or monthly basis. Requires Professional plan.
Activate SOC 2, HIPAA, or GDPR rule packs. Each framework adds industry-standard controls to your compliance checklist.
Score trends, category breakdown, and activity timeline.
Assign fix tasks to your team for every non-compliant rule. Track from open to verified.
Regulatory deadlines, certification renewals, and recurring obligations
Likelihood × impact scoring for each compliance rule. Identify your highest-exposure risks and track mitigation progress.
| Rule | Category | Likelihood | Impact | Score | Mitigation | Assessed By | |
|---|---|---|---|---|---|---|---|
Attach formal written policies to compliance rules. Auditors ask for this first.
Track certifications, completions, and regulatory training requirements per team member.
Export complete compliance bundles for auditor delivery — frameworks, evidence, remediation history, and score trends in one structured export.
Track regulatory updates, assess impact on your controls, and manage remediation workflows.
Document security events, track response timelines, manage regulatory notifications.
Assess, score, and monitor third-party compliance exposure. Required by SOC 2 CC9.2 and FINRA supervisory obligations.
Centralized document repository with retention schedules for FINRA Rule 17a-4, SEC Rule 17a-4, and SOC 2 CC7.2 compliance.
Your activity feed across all GRC modules
Control which events create in-app notifications. Changes take effect immediately.
Preferences are per-user. Team members can configure their own notification settings independently.
Board-ready GRC scorecard across all compliance dimensions.
Pre-built SOC 2, HIPAA, FINRA, and GDPR templates. One click to generate a regulator-ready report from live platform data.
Trigger-action rules that auto-escalate, notify, and update across all GRC modules. The active enforcement layer that keeps your compliance posture current.
Tamper-evident activity log across all GRC modules. Required by SOC 2 CC7.2, HIPAA §164.312(b), and FINRA 3110(b)(4).
| When | Actor | Module | Action | Entity | IP |
|---|---|---|---|---|---|
Configure SAML/OIDC identity providers · Enforce SSO for your organization · Audit login sessions
Connect your identity provider. Enforce SSO to require all users to authenticate via the IdP.
Invite external auditors, regulators, and assessors with scoped, time-limited access to your compliance data.
Define roles, set granular module permissions, and assign team members to control who can read, write, and manage each GRC area.
Live compliance posture across all modules — decision-ready for the board.
API keys for programmatic access · Webhooks to push compliance events to external systems
Authenticate with X-API-Key: fp_... or Authorization: Bearer fp_...
Configure SAML 2.0 identity providers · Enforce SSO for your company · Audit login sessions
Each config represents one IdP trust relationship (Okta, Azure AD, etc.)