Efficient tracking for what's common across SOC, ISO, PCI et al?

Some compliance requirements are common, but some are not. Lots of controls overlap fully or partially. Scheduled activities vary. Plenty of attributes, artefacts, audits and other a-words need to be tracked.

I’m very interested in what you’ve found (or built) that effectively supports multi-faceted compliance processes to remove manual work, spreadsheets, errors and omissions, etc. Does it extend to legislative obligations?

For bonus points, what is your budget of people and money in this compliance area if you are a multi-certification org?

Thx :slight_smile: