Compliance Trends
Compliance is not a one-time achievement -- it is an ongoing process. Guardian Pro tracks your compliance score over time, providing trend data that helps you monitor progress, detect regressions, and demonstrate continuous improvement to stakeholders and auditors.
Why Trends Matter
Point-in-time compliance scores tell you where you are today, but they do not tell the full story. Compliance trends answer critical questions:
- Are we improving? Is your team successfully closing compliance gaps over time?
- Are we regressing? Has a recent infrastructure change introduced new compliance failures?
- Are we stable? Are your scores consistent, demonstrating reliable compliance operations?
- Can we prove sustained compliance? For SOC 2 Type II and similar audits, you need to show that controls have been effective over a period, not just at a point in time.
Viewing Compliance Trends
The compliance trends chart is available on the Compliance Dashboard. It shows your compliance score history with two viewing modes:
Single-Framework View
Select a specific framework to see its score trend over time:
- Y-axis -- Compliance score (0-100%)
- X-axis -- Time (days, weeks, or months depending on your selected range)
- Score line -- Your compliance score at each evaluation point
- Trend indicator -- An overall trend direction (improving, declining, or stable)
The single-framework view is ideal for:
- Tracking progress on a specific compliance initiative
- Preparing for a framework-specific audit
- Identifying when and why a score changed
Multi-Framework View
Compare scores across all subscribed frameworks simultaneously:
- Each framework is displayed as a separate line on the same chart
- Colour-coded for easy differentiation
- Allows you to see which frameworks are improving and which need attention
The multi-framework view is ideal for:
- Getting an organisation-wide compliance overview
- Identifying which framework needs the most attention
- Demonstrating broad compliance improvement to leadership
Use the multi-framework view in executive presentations to show at a glance that your organisation is maintaining compliance across all relevant standards simultaneously.
Understanding Score Changes
When your compliance score changes, it is helpful to understand why. Common reasons include:
Score Improvements
| Cause | Description |
|---|---|
| Remediation | Fixing findings that were causing control failures |
| Exceptions created | Documenting accepted risks removes controls from the failing count |
| Resources removed | Decommissioning non-compliant resources eliminates the source of failures |
| Configuration changes | Updating resource configurations to meet control requirements |
Score Declines
| Cause | Description |
|---|---|
| New resources | Newly provisioned resources that do not meet compliance requirements |
| Configuration drift | Previously compliant resources whose configuration has changed |
| Expired exceptions | Exceptions that have expired, returning controls to the failing count |
| New accounts | New AWS accounts added to your organisation that have not been hardened |
| Framework updates | Framework version updates that add new controls or change evaluation criteria |
When you notice a score decline, open the Compliance Dashboard and filter controls by Status: FAIL to identify the specific controls that changed. Click into each control to see the affected resources and take action.
Time Ranges
You can view compliance trends across different time ranges:
| Range | Best For |
|---|---|
| Last 7 days | Monitoring the impact of recent changes or remediations |
| Last 30 days | Monthly compliance tracking and reporting |
| Last 3 months | Quarterly reviews and short-term trend analysis |
| Last 6 months | SOC 2 Type II audit periods and mid-year reviews |
| Last 12 months | Annual compliance reviews and year-over-year comparisons |
Select the desired range using the time period controls on the trends chart.
Trends and Audit Readiness
Compliance trends are a powerful tool for audit preparation and execution:
SOC 2 Type II
SOC 2 Type II audits evaluate the operating effectiveness of controls over a period of time (typically 6-12 months). Compliance trends provide direct evidence that your controls have been consistently effective throughout the audit window.
What auditors look for:
- Consistent scores without large unexplained drops
- Prompt recovery after any score declines
- An overall stable or improving trajectory
Before a SOC 2 Type II audit, review your 12-month compliance trend. If there were any significant score drops, prepare documentation explaining the cause and the corrective action taken. Auditors expect occasional fluctuations -- what matters is that you identified and addressed them promptly.
CIS Benchmark Assessments
CIS assessments are typically point-in-time, but showing a positive trend demonstrates that your organisation is committed to continuous improvement rather than treating compliance as a one-time checkbox exercise.
GDPR Accountability
GDPR Article 5(2) requires organisations to demonstrate compliance (the "accountability principle"). Compliance trends provide timestamped evidence of your ongoing data protection posture.
Trends in Multi-Account Environments
In multi-account environments, compliance trends can be viewed at different levels:
- Organisation-wide -- The aggregated score across all accounts, showing your overall compliance trajectory
- Per-account -- Individual account scores over time, useful for identifying which accounts are improving and which are lagging
Account-level trends are particularly useful for identifying accounts that were recently onboarded and may not yet have been fully hardened. Track their scores separately to measure onboarding compliance progress.
Using Trends for Governance
Setting Compliance Targets
Use historical trends to set realistic compliance targets:
- Review your current score and its trajectory.
- Set a target score and timeline (e.g., "Achieve 90% CIS compliance within 3 months").
- Track progress on the trends chart.
- Report on target achievement in governance meetings.
Detecting Regressions Early
Configure notifications to alert you when compliance scores drop below a threshold. Combined with trend monitoring, this ensures that regressions are caught and addressed quickly before they compound.
Reporting to Stakeholders
Compliance trends translate well into executive and board-level reporting:
- Monthly summaries can include a trends chart showing score trajectory
- Quarterly reports can compare scores across frameworks and accounts
- Annual reviews can demonstrate year-over-year improvement
Export trend data via compliance reports for inclusion in your governance documentation.
Correlation with Other Metrics
Compliance trends often correlate with other Guardian Pro metrics:
- Health score -- Your infrastructure health score typically moves in tandem with compliance scores, as many health factors overlap with compliance controls
- Finding count -- A reduction in active findings usually corresponds to an improvement in compliance scores
- Cost optimisation -- Addressing cost-related compliance controls (e.g., Well-Architected Cost Optimisation pillar) can coincide with actual cost savings
Use the Dashboard to see these metrics alongside your compliance trends for a holistic view of your governance posture.
Frequently Asked Questions
How often are trends updated?
Compliance scores are recalculated after every scan. Each recalculation adds a new data point to your trend history.
Can I export trend data?
Yes. Use the JSON report export to get historical compliance data in a machine-readable format suitable for custom reporting or integration with other tools.
Why does my score fluctuate slightly between scans?
Small fluctuations can occur when:
- Resources are temporarily unavailable during scanning (transient errors)
- New resources are created between scans
- Auto-scaling adds or removes resources
Consistent fluctuations within a narrow range (1-2%) are normal and do not indicate a compliance issue.
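The auditor criteria listed under "What auditors look for" and the 1-2% fluctuation band above can be checked mechanically against a score history. The Python below is an added example, not Guardian Pro code: the (date, score) input layout, the function names and the least-squares trend rule are assumptions, because this page does not specify the export schema or how the trend indicator is calculated.

```python
from datetime import date

NOISE_BAND = 2.0  # percentage points; the page calls 1-2% scan-to-scan movement normal

# Constructed sample: weekly (scan date, score %) points for one framework.
SAMPLE = [
    (date(2024, 1, 1), 88.0), (date(2024, 1, 8), 89.0),
    (date(2024, 1, 15), 88.0), (date(2024, 1, 22), 79.0),  # regression
    (date(2024, 1, 29), 81.0), (date(2024, 2, 5), 87.5),   # back within band
    (date(2024, 2, 12), 91.0), (date(2024, 2, 19), 92.0),
]

def find_drops(series, band=NOISE_BAND):
    """List drops larger than `band`, each with its low point and recovery time."""
    drops, current = [], None
    for (_, prev), (day, score) in zip(series, series[1:]):
        if current is None:
            if prev - score > band:
                current = {"start": day, "baseline": prev, "low": score,
                           "recovered": None, "days_to_recover": None}
            continue
        current["low"] = min(current["low"], score)
        if score >= current["baseline"] - band:  # back to pre-drop level
            current["recovered"] = day
            current["days_to_recover"] = (day - current["start"]).days
            drops.append(current)
            current = None
    if current is not None:  # still unrecovered at the end of the window
        drops.append(current)
    return drops

def trend(series, band=NOISE_BAND):
    """Classify the window from a least-squares fit of score against days."""
    if len(series) < 2:
        return "stable"
    xs = [(d - series[0][0]).days for d, _ in series]
    ys = [s for _, s in series]
    mx, my = sum(xs) / len(xs), sum(ys) / len(ys)
    slope = (sum((x - mx) * (y - my) for x, y in zip(xs, ys))
             / sum((x - mx) ** 2 for x in xs))
    change = slope * xs[-1]  # fitted change across the whole window
    if abs(change) <= band:
        return "stable"
    return "improving" if change > 0 else "declining"

if __name__ == "__main__":
    print("trend:", trend(SAMPLE))
    for d in find_drops(SAMPLE):
        print(f"drop on {d['start']}: {d['baseline']} -> {d['low']}, "
              f"recovered after {d['days_to_recover']} days")
```

Each record returned by find_drops is a candidate for the cause and corrective-action documentation described in the SOC 2 Type II section; a record with no recovery date marks a regression that is still open.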