What we do

The Common Framework (TCF) has developed a SaaS platform (ASIRTA™) that provides a single truth of Information Risk linking the operational reality to the Board’s Information Risk Management regime, to deliver a resilient and cost-effective cyber security strategy that can be clearly defined and communicated internally and externally.

ASIRTA™ helps organisations achieve large reductions in the burden of managing their information risk, and their leaders to reduce the risk, cost and liability of compliance failures, by aligning, simplifying and prioritising decision making to UK regulatory obligations and advice.

ASIRTA™ addresses the problem that fewer than 5% of UK companies have adopted the NCSC 10 steps to cyber security guidance, and fewer still have adopted the ICO’s 12 steps or met the UK’s legal obligations around information risk management and data protection.

Simply, ASIRTA™ brings transparency to opaque IT supply chains and reduces the risk of corporate data loss, business interruption, reputational damage and regulatory fines.

In the face of the burden, the difficulty and the consequences highlighted above, many organisations need a solution to help them implement the effective governance required to achieve compliance.

Why we are different

We founded The Common Framework because we were tired of seeing UK organisations struggle with compliance, and we wanted to help them manage information risk better. 

We made it our mission to make compliance simple! 

How ASIRTA works

ASIRTA™ provides an information risk compliance solution that will:

  • Allow companies to assign and delegate, across the organisation, the discovery process and the remedial work for their governance – in a clear, manageable and auditable way;
  • Show the compliance team the acts, regulations and obligations they need to be compliant with, based on the nature of their organisation;
  • Show boards how compliant they are today, in a simple, clear and complete manner – in one framework that covers all applicable regulation;
  • Show risk committees the potential implications and costs from their compliance position;
  • Help businesses to model and explore the impact of remediation choices, thus helping to prioritise remediation work to suit the resources of the business;
  • Help compliance teams to create a plan for remediation;
  • Track the progress of that plan such that it can be demonstrated in the face of regulatory scrutiny;
  • Help companies turn governance and compliance into a positive culture rather than an after-the-fact chore;
  • Help operations build governance and compliance into their day-to-day and end-to-end operations;
  • Give companies a single-truth view of Governance, Compliance and Information Security Risk across the whole organisation.

Perhaps above all, organisation leaders and compliance officers need a collaborative tool and a methodology that can give them professional confidence in their governance and personal peace of mind in their compliance.