Module guide

SkyRay Compliance

The per-customer aviation security platform — track regulatory frameworks, fleet risk, mitigations and incidents in one place, with audit-ready evidence.

Product: SkyRay (Platform)
Used by: CISO, MRO, SOC, Fleet
Screens shown from the live app

SkyRay Compliance turns "are we compliant and secure?" into something you can measure and prove. You install a regulatory framework, classify your assets, assign responsible people, and the platform tracks the lifecycle of every requirement, the risks behind it, the mitigations closing them, and the evidence an auditor will ask for.

The overview dashboard

Your landing screen summarises fleet posture — open vulnerabilities by severity, top unmitigated risks, fleet status by aircraft and recent activity. Start your day here and drill into anything that needs attention.

Overview dashboard — fleet-wide posture at a glance. Click any tile to drill down.

Main flow: from framework to evidence

The compliance lifecycle runs end-to-end inside SkyRay:

1 · Install a regulatory framework

Choose the framework that applies to you (e.g. an IATA / EASA baseline). SkyRay loads its requirements so you start from a known structure rather than a blank sheet.

Framework installed — requirements loaded and ready to map to your fleet.

2 · Classify your assets

Classify aircraft and systems so each requirement applies to the right scope. Classification drives which risks and controls are relevant.

Classification — scope each requirement to the right assets.

3 · Assign responsible persons

Every requirement needs an owner. Assign responsible persons so accountability is explicit and nothing falls through the cracks.

Responsible persons — named approvers per role (analyst, compliance officer, accountable manager) own each risk.

4 · Track the lifecycle

Each requirement moves through its lifecycle (e.g. active → in progress → met). The status reflects the underlying mitigations, so the picture is always current.

Lifecycle — live status driven by real mitigation progress.

5 · Drive mitigations & due dates

Open gaps become mitigations with owners and due dates. Anything overdue is surfaced prominently so it can't be quietly missed.

Treat the risk — choose mitigate, accept, transfer or avoid; the residual rating updates live.
Overdue banner — overdue items are escalated visually.

6 · Log incidents

Record security incidents and link them to affected assets and requirements, so incident history feeds your risk picture and reporting.

Incidents — captured, linked and reportable.

7 · Retain evidence

Evidence is retained against each requirement, so an audit becomes a query — not a scramble to reassemble proof after the fact.

Audit-ready posture — each framework's compliance rolls up here; drill into a met control and the retained evidence is right there.
Role tie-ins: the CISO owns posture & approvals, MRO works vulnerabilities & mitigations, and Fleet reads fleet status. See also the Regulation & Risk screen guide.