Skip to content

We made it our mission to make compliance simple.

We built ASIRTA™, a novel tool that makes information risk simple to identify, manage, and gives peace of mind that it is under control. 

Why do organisations need ASIRTA™?

Because of the increasing burden of acheiving Information Risk compliance


Many companies do not know where to start in baselining their Information Risk


Because of the difficulty of achieving Information Risk compliance


Because of the serious consequences of compliance breaches


You need a governance solution to help you achieve compliance

Experts in Information Risk Compliance

We’re experts, enthusiasts and evangelists in compliance for information management, with nearly a hundred years of front-line experience. We founded The Common Framework because we were tired of seeing UK organisations struggle with compliance, and we wanted to help them manage information risk better. 

We made it our mission to make compliance simple! 

To do this, we built ASIRTA™, a novel tool that makes information risk simple to manage, and gives peace of mind that it is under control.

Helping you simplify Information Risk compliance

We saw compliance as the destination, and governance as the journey; a journey that will improve your Information Security and that in turn will reduce your exposure to legal obligations.  With our long experience of information risk governance, we knew we could make the journey simple, easy and effective.

We set out to build a tool that helps you identify your risks, then create a plan to remediate them and then measure your progress along the plan.

We defined three innovative pillars on which to build the ASIRTA app.


First, our defining contribution to this space has been the construction of a common framework that maps together hundreds of information risk obligations from over 60 laws, allowing us to remove all of the duplications in UK regulation and simplify it dramatically. It’s a concept so powerful that we named the company after it!


Next, we codified the process of discovering information risks and compliance gaps, reviewing exposure to fines, identifying and prioritising remedial activity and finally, tracking progress.  This guided process makes it simple and straightforward to run your governance.


Finally, we gathered governance and compliance activities into groups that naturally fit together, and we made it easy to assign each group to an accountable owner within the organisation, who can in turn delegate the discovery and remedial activities to appropriate people.  We built ASIRTA to bring everything seamlessly back together.

Save time, cost and stress on information risk and compliance.

Helping you fast-track compliance

You can’t fix every gap from the outset, and regulators don’t expect you to. If you can identify your gaps, assess your attitude to risk and your resources, then you can plan which risks to tackle first. This plan will minimise both your risk and your exposure to fines if the worst happens.

Knowing this, we built ASIRTA™ to help you assess your gaps and plan your remediation in a practical way that suits the skills and resources of your organisation. We added the means to track your progress and to prove your progress if that is ever required.

We also made it easy to get started. We know that if you do the basics, you’ll cover 90% of your regulatory overhead.  So, we built an Easy Start package to get control of most of your issues very quickly and grow from there. 

A range of license options to suit your business.

We know that if you do the basics, you'll cover 90% of your regulatory overhead.
So we built an Easy Start package to get control of most of your issues very quickly and grow from there. 

TCF’s experts are available to get you up and running, hold your hand through your compliance journey, or lead the process.

Consultancy Services

“We love Governance, Compliance and Information Security! 
We think you’ll love working with us and you’ll love using ASIRTA™.”

Our experts can be deployed on either short- or long-term engagements against clearly established goals, objectives and deliverables to manage or execute information security requirements.

Frequently Asked Questions

It is a Software as a Service tool we built using our consulting experience that removes the complexity and duplication of the UK’s legal obligations and makes compliance simple.

ASIRTA™ can work out most obligations that are likely to apply to an organisation just by the sectors it operates in.  These are consolidated to highlight the obligations covering information management, data protection and cyber security. This then allows the impact of these sample laws to be reviewed in detail by the organisation’s legal professionals.

Yes – contact us and we’d be happy to set up a time and date to suit you and show you the power and simplicity of ASIRTA™.

Yes – many clients start at basic and upgrade as their requirements grow.

Yes – ASIRTA™ allows you to assign questions and responsibilities to people across your organisation.

No – We have spent time making this simple! An activation email and there is an on-boarding process built into the platform and away you go!

Yes, we can! Contact us to talk it through.

We don’t – we believe compliance isn’t something you ‘achieve and forget’, it’s got to be part of your ‘business as usual’ culture so we only offer annual commitments.

Yes, we do. Give us a call and we can discuss your current situation and then advise in the best way forward.

Yes – It’s one of the best things about ASIRTA™ – you can assess 80% of your risk and get a high-level review within a day. ASIRTA™ saves you time and stress of compliance!

Save time, money and stress on
information risk and compliance.

Arrange a demo today!