The Compliance Engine is a generic solution for continuous compliance assessment on a process and document management platform. It can be applied to laws, standards, procedures, corporate objectives, ISOs, SLAs, sustainability indexes, etc.

CE location outline

What it offers

A system that oversees compliance with external and internal requirements, the latter of which are frequently more stringent than the former.

Notably reduces the time spent by individuals to gather information and prepare compliance reports.

Provides traces and well organised evidence (no more interviews, emails or endless telephone calls).


  • Manual collection of data and evidence.
  • Automatic integration of data and evidence from third party systems.
  • Automatic evaluation of compliance with indicators/requirements and standards.
  • Tracking of non-compliances and management of alarms and deadlines.
  • Management of reports/incidents.
  • Can build compliance dashboards for one or all of the standards and display the entity’s overall level of compliance.
  • Accreditation of performance through internal and external audit and certification processes.
  • Allows the entity to autonomously maintain its regulatory compliance matters using a simple interface.

Application scenarios

  • Level 1 – CRIMINAL RISK PREVENTION: Continuous evaluation of criminal risk prevention indicators in collaboration with the Pluslegal Abogados law firm.
  • Level 2 – BUSINESS CONTINUITY: Identification and neutralisation of risks that affect business continuity and that could partially or completely paralyse the company’s operations.
  • Level 3 – OPERATIONAL COMPLIANCE: Monitoring the fulfilment of obligations and commitments to clients and the government in order to avoid monetary fines and penalties.
  • Level 4 – OPERATIONAL IMPROVEMENTS: Identification of opportunities for improving the productivity and efficiency of the company’s productive and management processes.


  • Compliance engine (brochure)

Compliance Engine applied to “CRIMINAL RISK PREVENTION” (CRP)

What it resolves

This is a parameterisation of the CE with the Criminal Risk Prevention standard with the full set of specific requirement for measuring compliance with crime prevention measures. The advantages it offers are as follows:

  • The very existence of this system shows that the company has taken the necessary measures to prevent criminal conduct.
  • The gathering of evidence and the traceability of information facilitate the auditing and certification process.
  • Easy maintenance of standards and indicators by the company.


  • The work is distributed collaboratively by roles.
  • Manages the information-gathering process, declaration of non-compliances and tasks associated with correcting them.
  • Manages the CRP reporting and incident process.
  • Pluslegal Abogados provides criminal law advice for proper adaptation to the company’ situation.
  • In addition, with the expansion of the CRP standard with new indicators, this will facilitate the ISO 19600 – Compliance Management Systems certification in the future.


Legal notice: Following the reform of the spanish Penal Code introduced in article 31 bis of Law 1/2015 and Circular 1/2016 issued by the state’s attorney on the criminal liability of legal entities, legal representatives, persons with decision-making authority and those with the power to organise and control the company can be held criminally liable, which means there is a possibility that they could be convicted for their employees actions.

Example of criminal risk prevention requirements for the banking sector

Graphic depiction of the status of CRP compliance

Other regulations under development

At Cibernos, we are working on the development of sets of requirements and indicators (controls) to monitor other regulations and ISOs, the most relevant of which are as follows:

Healthy companyHealthy company according to AENOR standardsYes
ISO 19600Compliance management systemsYes, soon
ISO 37001Anti-corruptionYes
DJSIDow Jones Sustainability IndexNo
ISO 22301Business continuityYes
ISO 27001Information securityYes