Skip to main content

Working with hierarchical scopes

For many organizations, compliance work doesn’t unfold in a single, tidy layer. It spans multiple tiers—each with its own responsibilities and task management needs. As programs grow, a flat structure makes it increasingly difficult to stay organized and maintain a clear view of the whole picture.

Hyperproof solves this with hierarchical scopes, allowing users to transform flat lists into a flexible, multi-level structure that mirrors how their organization actually operates (e.g., Org > Region > Product). Users can scale control operations without duplication, manual work‑arounds, or loss of accountability, while managers can move effortlessly between high-level oversight and detailed reporting. The result is less cognitive load, sharper insights, and a smoother path to staying compliant at scale.

Example use case for hierarchical scopes

Luna B. Technologies, a global tech company, has three product lines (Cloud, Hardware, and Software) operates in five regions (US, EU, AUS, LATAM, and CAN). Each regional business unit must meet local regulatory standards while maintaining alignment to enterprise-wide frameworks like ISO 27001 and SOC 2.

Using hierarchical scopes, Luna B. Technologies' central compliance team defines baseline controls—like data encryption and access logs—and distributes them across a multi-level scope tree: Org > Region > Product. The regional teams can then own and manage their specific regions and products, link proof, and track freshness—while leadership monitors risk posture at any level. This eliminates duplicative work, enables localized control, and centralizes oversight for audits and executive reporting.

Hierarchical scopes allow for:

  • Multiple levels so organizations can mirror their actual structure

  • Control ownership on intermediate/middle-of-tree scope levels, enabling users at each level to manage controls and gather proof autonomously

  • Seamless integration with dashboards and health reports, enabling program-wide insights while maintaining local ownership

  • A permissions model that ensures the right team members see and act on the right controls

In this section: