| Feature | Basic tier | Baseline tier | Manager tier |
|---|---|---|---|
| Cyber security | NCSC 10 steps only | NCSC 10 steps Minimum cyber security standard NHS Digital DSPT NIS Guidance collection | NCSC 10 steps Minimum cyber security standard NHS Digital DSPT NIS Guidance collection |
| Data protection | ICO GDPR 12 steps guidance | ICO GDPR 12 steps guidance ICO GDPR security outcomes | ICO GDPR 12 steps guidance ICO GDPR security outcomes |
| Corporate governance | N/A | HMT Orange book | HMT Orange book |
| Information management | Data Protection Act 2018 | Up to 100 sample laws | Up to 100 sample laws |
| Custom obligations | If management module purchased | If management module purchased | Yes |
| Delegation of questions internally | Yes | Yes | Yes |
| Delegation of questions externally | If management module purchased | If management module purchased | Yes |
| Integration into other systems | If management module purchased | If management module purchased | Yes |
| Asset management | If management module purchased | If management module purchased | Yes |
| Reporting | Against GDPR 12 steps and Cyber 10 steps guidance | Against all relevant obligations, customisable reporting | Against all relevant obligations, customisable reporting |
| Risk assessment | If management module purchased | If management module purchased | Yes, for obligation risks |