Prerequisites

Before you begin, make sure you have:
  • A LowerPlane account (sign up at app.lowerplane.com)
  • Admin access to at least one cloud provider, identity provider, or security tool you plan to integrate
  • A general understanding of which compliance frameworks your organization needs to pursue
Not sure which frameworks you need? Start with the Compliance Overview to learn about each framework and how they overlap.

Setup Steps

1. Sign Up and Create Your Account

Visit app.lowerplane.com and create your account using your work email address. You can sign up with email and password, Google SSO, or Microsoft SSO.

After verifying your email, you will be taken to the organization setup wizard.

2. Set Up Your Organization

Complete your organization profile with the following details:
  • Organization name - Your company’s legal name
  • Industry - Select your industry vertical (this helps tailor control recommendations)
  • Company size - Number of employees (affects personnel management features)
  • Primary contact - The main compliance contact for your organization
Organization settings can be updated later from Settings > Organization. The information you provide here helps LowerPlane prioritize controls and generate relevant policy templates.

3. Enable Compliance Frameworks

Select the compliance frameworks your organization needs to achieve. LowerPlane supports:

| Framework | Controls | Best For |
|-----------|----------|----------|
| ISO 27001 | 93 controls | International information security standard |
| SOC 2 | 64 criteria | SaaS and service organizations |
| HIPAA | 18 safeguards | Healthcare and health data |
| GDPR | 99 articles | EU data protection |
| PCI-DSS | 12 requirements | Payment card processing |

You can enable multiple frameworks at once. LowerPlane automatically maps overlapping controls so you only implement each requirement once.
Start with the framework that is most urgent for your business. You can always add more frameworks later, and LowerPlane will show you how much of the new framework is already covered by your existing work.

4. Connect Your Integrations

Navigate to Integrations and connect your existing tools. Integrations enable automated evidence collection, which can cover 30-50% of your compliance requirements without manual effort.

Start with these high-impact integrations:

Cloud Provider

Connect AWS, Azure, or GCP to automatically collect infrastructure evidence such as encryption settings, access controls, and network configurations.

Identity Provider

Connect Okta, Google Workspace, or Azure AD to pull user lists, MFA status, and authentication logs for access control evidence.

Version Control

Connect GitHub to verify code review processes, branch protection rules, and access controls on your repositories.

HR System

Connect your HR platform to sync employee data, track onboarding and offboarding, and verify background checks.
Integration connections require appropriate admin permissions in the source system. Make sure you have the necessary access before attempting to connect.

5. Create Your First Policies

Go to Policies and create policies from LowerPlane’s built-in templates. Templates are pre-mapped to framework controls and include all required sections.

Recommended policies to start with:
  1. Information Security Policy - Foundational policy required by all frameworks
  2. Access Control Policy - Covers user access management and authentication
  3. Data Protection Policy - Addresses data handling, encryption, and privacy
  4. Incident Response Policy - Defines your security incident procedures
  5. Acceptable Use Policy - Sets employee expectations for system usage
Each policy goes through a lifecycle: Draft > In Review > Approved > Published. Once published, you can send acknowledgment requests to employees.

6. Invite Your Team

Navigate to Settings > Users & Roles and invite your team members. LowerPlane supports role-based access:
  • Admin - Full access to all features and settings
  • Compliance Manager - Manage controls, evidence, policies, and vendors
  • Contributor - Upload evidence, complete assigned tasks
  • Viewer - Read-only access to dashboards and reports
  • Auditor - Special read-only access through the Auditor Portal
You can also enable SSO for your organization under Settings > SSO to streamline team onboarding.

What Happens Next

After completing the setup steps, LowerPlane begins working in the background:
  1. Integration sync - Connected tools start syncing data and collecting evidence automatically
  2. Control mapping - Your enabled frameworks are mapped to the unified control library
  3. Gap analysis - The compliance dashboard populates with readiness scores and identified gaps
  4. Recommendations - LowerPlane surfaces the highest-priority items to address first

Run an Assessment

Complete the 20-question security assessment to get a baseline compliance score and prioritized roadmap.

Review Your Controls

Browse your control library, mark implemented controls, and assign owners to gaps.

Set Up Vendor Management

Add your vendors and start tracking their compliance posture and risk levels.

Configure Your Trust Center

Set up your public-facing Trust Center to showcase your compliance posture to customers.