Start with "about 30 devices."
End with a signed audit.
You don't need perfect data to start. You don't need every policy written. You don't need a compliance team. Start with what you know. The system guides you.
How Real Compliance Actually Works
"Client has about 30 devices across two offices."
→ That's enough. System creates scopes.
Upload CSV from their MDM.
→ Scopes auto-calculate. Counts update.
Start checking off evidence. Link their existing password policy PDF.
→ Progress bar moves. Gaps shrink.
Print the evidence pack.
→ Auditor-ready.
Nobody goes from zero to perfect in one step. ECP is designed for the messy middle.
Forward References
Reference a scope that doesn't exist yet? Fine — the system marks it "to define" and keeps going. Define controls first, entities later. Work top-down or bottom-up.
You're never blocked.
Every Other Tool Demands Perfection
"Fill in all 47 required fields to continue."
"Upload evidence before saving this control."
"Define all entities before generating a report."
That's why compliance projects stall.
ECP says: "Write what you know. We'll figure out the rest together."
