top of page

Zyalto Product Tour

Zyalto is a compliance operations system built for MSPs and in-house teams that are tired of guessing, scrambling, and reinventing the wheel for every audit.

Instead of duct-taping spreadsheets, shared drives, and ad-hoc documents, Zyalto gives you:

  • A shared language of controls (AssureCards)

  • Apps to manage questions, answers, and evidence (Dossier PRO, Evidence Builder)

  • Content that accelerates every engagement (Domain Evidence Decks & Playbooks)

  • An MSP command center (MSP Compliance Dashboard)

  • And a roadmap toward AI-assisted audit fulfillment (Zyalto Aria™)

 

This page walks through each piece and shows how they fit together.

​

1. The Zyalto Ecosystem at a Glance

Think of Zyalto as four layers that stack on top of each other:

​

  1. Control Intelligence Layer – AssureCard Libraries (ACL Core, NIS2, DORA, GDPR, HIPAA…)

  2. Application Layer – Dossier PRO Core+, Evidence Builder, MSP Compliance Dashboard

  3. Content Layer – Domain Evidence Decks (DEDs), EST (Evidence Sample Templates), Incident Playbooks

  4. AI Layer (Roadmap) – Zyalto Aria™: AI audit assistant that accelerates every step

 

Everything shares the same “brain”: the AssureCard Library. That’s why the experience feels coherent instead of like five separate tools.

​

2. AssureCard Library (ACL)

The brain behind Dossier and Evidence Builder

At the core of Zyalto is the AssureCard Library – a structured set of “AssureCards” that each represent a real auditor question.

​

Each AssureCard includes:

  • Auditor Question – title of the card; what the auditor will literally ask

  • Best-Practice Answer – a 3–4 sentence response that would satisfy a reasonable auditor

  • Evidence Recommendations – 3–5 specific artifacts that prove the answer

  • Regulatory / Framework Mappings – mappings to frameworks (e.g., NIST, SOC 2, ISO, NIS2, HIPAA)

  • Aliases – alternate phrasings to improve search and matching

  • (Planned) Evidence Type Tags (policy, log, report, config, system-generated, etc.)

 

Today, ACL Core:

​

  • ~4,500+ AssureCards

  • ~60+ control domains (Access, Backup, Incident Response, Vendor Management, etc.)

 

On top of Core, you’ll offer framework-specific ACLs such as:

​

  • NIS2 / DORA / GDPR (EMEA financial and critical infrastructure coverage)

  • HIPAA (healthcare, PHI protection, audit control)

 

Each add-on ACL plugs into the same interface, using the AssureCard model.

​

 

 

 

 

 

 

 

 

 

 

A table or card view showing a single AssureCard with question, answer, evidence recommendations, and mappings.

3. Dossier PRO Core+

Turn auditor questions into structured, editable answers

​​​​​​​​​​​​​Dossier PRO is where most users will start: a single-file HTML application that loads the AssureCard Library and lets you:

​

  • Search by question text, keywords, or aliases

  • Upload an auditor’s question worksheet (CSV)

  • Automatically match questions to AssureCards

  • Edit answers so they reflect the customer’s actual environment

  • Queue AssureCards for export and deliver them back to the auditor as a fulfillment package

 

Key capabilities in Dossier PRO Core+:

  • Pre-loaded ACL Core – 4,500+ controls out-of-the-box

  • Type-ahead search – find AssureCards by words auditors actually use

  • Auditor CSV upload – match their worksheet against your library in one shot

  • Thumbnail workflow – see all matched AssureCards as thumbnails, edit them one-by-one

  • Per-card actions:

    • Edit

    • Queue for export

    • Print current card

  • Counters & status:

    • AC Count (AssureCards loaded)

    • Domain Count (how many control domains you’re touching)

    • Queue Count (how many cards are ready to send)

    • No Match Count (questions that didn’t find an AssureCard)

  • Session Save/Load – save an entire engagement (e.g., “Molina_11_09_2025.dossier”) and reload it later

 

Dossier PRO Core+ also supports reference numbers from the auditor’s sheet. When a question matches an AssureCard, the reference ID is stored with the card. That ID later becomes the bridge between:

  • Auditor’s question

  • Dossier PRO’s answer

  • Evidence Builder’s documents

​

4. Zyalto MSP Compliance Dashboard

One pane of glass for MSPs across all clients

The MSP Compliance Dashboard is designed for service providers who manage compliance for multiple customers.

Where Dossier is about one client and their audit, the Dashboard is about all clients and all audits:

​

​

​

​

​​​​​

​

​

​

​​​

​

​

​​

  • List of all clients with:

    • Readiness score

    • Frameworks in play (Core, NIS2, HIPAA, etc.)

    • Status (Ready, In Progress, Gaps Open, At Risk)

    • Last activity

  • Filters by framework (Core, NIS2, HIPAA)

 

Client Drilldown

 

Click a client to see:

  • Readiness score / 100

  • Open gaps (High / Medium)

  • Evidence coverage (%)

  • Framework coverage (e.g., Core 90%, HIPAA 76%)

  • Domain-level scores (Access, Backup, Incident, Vendor, etc.)

  • Narrative summaries and gap statements

  • Active Dossier/Evidence sessions (e.g., “HIPAA Security Review”, “NIS2 Gap Assessment”)

​

Timeline & Risk Panels

​

  • Upcoming Audits – next 30–60 days across all clients

  • Top Risk Domains – where gaps appear most frequently across your portfolio

 

MSP Settings & Profile

 

A slide-out MSP Settings Panel lets you configure:

  • MSP name / contact info

  • Default framework filters and landing view

  • Theme (Dark/Light)

  • Preferred evidence style (EST vs raw vs mixed)

  • Aria enable/disable toggles

​

​​​​​​​​​​​​5. Evidence Builder & EST (Evidence Sample Templates) — Roadmap

From recommendations to real evidence

Dossier tells you what evidence is needed.
Evidence Builder will help you track what you already have and what’s missing.

 

Planned capabilities:

​

  • Load a DES / DED Catalog of available documents:

    • Document ID

    • Title

    • Domain

    • Evidence type (policy, log, report, config, system-generated, etc.)

  • Cross-reference AssureCard evidence recommendations with:

    • Evidence you already have

    • Evidence you don’t yet have

    • Evidence you can buy as EST templates

 

Evidence Builder will:

  • Show coverage maps: which recommendations have documents attached

  • Highlight gaps where no sample exists

  • Indicate system-generated artifacts vs user-authored documents

  • Help MSPs and clients assemble Evidence Packs tied to auditor reference numbers

 

EST – Evidence Sample Templates

Over time, Zyalto will ship a library of ESTs: documents that are designed to directly satisfy evidence recommendations.

​

Examples:

  • “Application Timeout Configuration Report”

  • “Reverse Proxy Configuration Summary”

  • “Token Revocation Log Review Note”

 

These can be:

  • Sold as per-domain DEDs (Domain Evidence Decks)

  • Or bundled as part of higher-tier Evidence Builder packages

​

​

​​

​

​

​

​

​

​

​

​

​

​

​​​

6. Domain Evidence Decks (DEDs) & Service Library

Deep libraries per domain

Zyalto already invests heavily in Domain Evidence Decks – curated sets of documents per control domain (Access Management, Asset Management, Incident Response, etc.).

Each DED includes:

  • Policies

  • Procedures

  • Runbooks

  • Forms / logs / checklists

  • Incident reports

  • Configuration templates

  • And more

 

In the future:

  • Some DED documents will be one-to-one EST matches for AssureCard recommendations

  • Other documents will form part of a Domain Service Library – a broader set of reusable materials for projects beyond a single audit

 

This gives you two revenue and value streams:

  1. Compliance-focused evidence decks (EST-aligned)

  2. Service-library content for general program-building projects

 

7. Playbooks (Breach, Data Exfiltration, Ransomware, etc.)

When things go wrong, you already have the script

 

Playbooks cover high-stakes scenarios where you don’t have time to figure things out from scratch:

  • Breach Management Playbook

  • Data Exfiltration Response Playbook

  • Ransomware Playbook

  • (and others over time)

 

Each includes:

  • Trigger conditions & severity criteria

  • Roles & responsibilities

  • Phased response steps

  • Communication templates (internal, external, regulators, customers)

  • Post-incident review guidance

 

These playbooks:

  • Support Dossier PRO answers (e.g., “Show us your incident process”)

  • Generate evidence directly (e.g., IRP-006, IRP-014)

  • Fit into the Domain Service Library strategy

 

8. Zyalto Aria™ – AI Audit Assistant (Roadmap)

From manual grind to guided, AI-accelerated workflows

 

Zyalto Aria™ is the AI layer that sits across Dossier, Evidence Builder, and the MSP Dashboard.

Today’s prototype-style behavior:

  • Summarizes client posture

  • Highlights weak domains

  • Suggests next working session priorities

 

Future capabilities:

  • Read an auditor question worksheet and:

    • Match questions to AssureCards

    • Draft best-practice answers adapted to the client

    • Suggest or attach EST evidence samples

  • Auto-generate:

    • Gap lists

    • Remediation plans

    • Status emails and management summaries

  • Continuously learn from:

    • Completed audits

    • What evidence actually satisfied which questions

    • MSP patterns and preferences

 

The long-term vision:
A customer uploads their auditor question sheet and — supported by Aria — receives a structured audit response package with mapped questions, answers, and evidence, all grounded in the Zyalto stack.

​

9. How Everything Works Together (End-to-End Story)

Here’s a simplified journey:

  1. An auditor sends a worksheet.

  2. The MSP or customer loads it into Dossier PRO Core+.

  3. Dossier matches questions to AssureCards and brings back best-practice answers and evidence recommendations.

  4. The user edits AssureCards, queues them, and exports an audit fulfillment report.

  5. In parallel, Evidence Builder maps recommended evidence to actual documents and EST templates from DEDs.

  6. The MSP uses the MSP Compliance Dashboard to see:

    • Overall readiness

    • Gaps across clients

    • Upcoming audits

    • Where Aria suggests they focus next

  7. For complex incidents (breach, data exfiltration, ransomware), they also rely on Playbooks for response and documentation.

  8. Over time, Zyalto Aria™ automates more of this, turning Zyalto into a semi-autonomous audit operations platform.

 

10. Who Zyalto is For

  • MSPs & MSSPs

    • Want to add recurring compliance offerings

    • Need to manage multiple clients in parallel

    • Want a repeatable, profitable, evidence-driven service model

  • CISOs / Compliance Leaders

    • Need to be audit-ready year-round

    • Want clean mappings between controls, documentation, and evidence

  • Consultants & Fractional vCISOs

    • Want repeatable methods instead of creating everything from scratch

    • Want to show clear progress, metrics, and coverage

 

Need More Information? Visit our Product Matrix to view products and pricing.  Have questions? Email me at dcote@zyalto.com or call me directly at 661-816-1875. 

zyalto pro light.png
msp_compliance_dashboard.png
evidence builder.png

KnowledgeAlign 
Information Design | Development | Training | Knowledge Management | Audit Response Management | Documentation Platform Architecture | Compliance Management | IT and MSP Documentation

Subscribe Form

Thanks for submitting!

dcote@knowledgealign.com

661-816-1875

5409 Veneto St.  Bakersfield, CA 93308

  • LinkedIn

Copyright 2024 David R. Cote

SlicProcess, KnowledgeAlign, AssureSphere360, and Zyalto are trademarks of David R. Cote

​

Privacy Policy

bottom of page