de.iterate SDK: High-Level Overview
A plain-English guide to understanding what the de.iterate SDK is and what it can do for your organization.
What is the de.iterate SDK?
Think of the de.iterate SDK as a translator between your custom applications and the de.iterate GRC (Governance, Risk, and Compliance) platform.
Just like how you might use an app on your phone to check your bank balance instead of visiting the bank in person, the SDK lets software developers build tools that can read and update your compliance data automatically—without anyone needing to log into the de.iterate web interface.
In Simple Terms
| Without SDK | With SDK |
|---|---|
| Staff manually log in to update risks | Systems automatically update risks when detected |
| Someone copies data into spreadsheets for reports | Reports generate themselves from live data |
| Auditors wait for someone to gather evidence | Evidence is collected and organized automatically |
| Reminders are sent manually | Automated notifications when tasks are due |
Who Uses the SDK?
The SDK is designed for software developers who want to:
- Integrate de.iterate with other business systems (HR, IT ticketing, security tools)
- Automate repetitive compliance tasks
- Build custom dashboards and reports
- Create mobile apps or internal tools
- Connect compliance data to business intelligence platforms
You don't need the SDK if you're simply using de.iterate through its web interface—the SDK is for extending and automating the platform.
What Can You Do With It?
1. Risk Management Automation
The Problem: Keeping the risk register up-to-date requires constant manual effort.
With the SDK, you can:
- Automatically create new risks when security tools detect vulnerabilities
- Update risk ratings based on real-time threat intelligence
- Schedule automatic risk reviews and send reminders
- Generate risk reports on demand
Real-World Example:
Your security scanner finds a new vulnerability → The SDK automatically adds it to your risk register → Assigns it to the right person → Sets a review date
2. Asset Inventory Sync
The Problem: Your IT asset list in de.iterate gets outdated as devices come and go.
With the SDK, you can:
- Sync your asset register with IT management tools (like Jamf, Intune, ServiceNow)
- Automatically mark assets as decommissioned when they leave your network
- Update asset owners when employees change roles
- Track asset criticality based on usage data
Real-World Example:
A laptop is retired from your IT system → The SDK marks it as "Decommissioned" in de.iterate → Updates your compliance records automatically
3. Compliance Calendar & Task Management
The Problem: Keeping track of all compliance activities across multiple frameworks is overwhelming.
With the SDK, you can:
- Pull upcoming compliance tasks into your team's project management tools
- Automatically assign tasks based on roles or departments
- Send custom notifications through Slack, Teams, or email
- Track completion rates and identify bottlenecks
Real-World Example:
An ISO 27001 control review is due next week → The SDK creates a task in your project management tool → Notifies the responsible person → Tracks completion
4. Audit Preparation & Evidence Collection
The Problem: Preparing for audits means scrambling to gather evidence from multiple systems.
With the SDK, you can:
- Automatically collect and organize audit evidence
- Link evidence to specific controls and policies
- Track audit findings and corrective actions
- Generate pre-audit readiness reports
Real-World Example:
Auditor requests evidence for access control → The SDK pulls access logs, policy documents, and training records → Packages them with the relevant control reference
5. Custom Reporting & Dashboards
The Problem: Standard reports don't always show what leadership needs to see.
With the SDK, you can:
- Pull compliance data into business intelligence tools (Power BI, Tableau, Looker)
- Create executive dashboards showing compliance health
- Generate custom reports for different stakeholders
- Track metrics and trends over time
Real-World Example:
The board wants a monthly compliance summary → The SDK pulls data from de.iterate → Your BI tool creates a polished report → Automatically emailed to executives
6. Real-Time Notifications (Webhooks)
The Problem: Important compliance events happen, but the right people don't find out until it's too late.
With the SDK, you can:
- Get instant notifications when risks are created or updated
- Alert teams when tasks become overdue
- Trigger workflows when documents expire
- Integrate with incident management systems
Real-World Example:
A high-severity risk is added → Webhook notifies your security team in Slack → Creates an incident ticket → Starts your response workflow
How Does It Work?
The Big Picture
┌─────────────────────┐      ┌──────────────────┐      ┌─────────────────┐
│  Your Application   │ ───► │    de.iterate    │ ───► │   de.iterate    │
│  (using the SDK)    │      │       SDK        │      │    Platform     │
└─────────────────────┘      └──────────────────┘      └─────────────────┘
           │                          │                         │
   Your custom code            Handles all the             Stores your
   that defines what          technical details          compliance data
    you want to do                securely
Authentication (Security)
The SDK uses API keys to prove your application is authorized to access your data:
- Each API key is tied to your organization
- Keys can be restricted to specific permissions
- All communication is encrypted
- Activity is logged for security audits
Think of it like a special access card that lets approved software into your compliance system.
What Data Can Be Accessed?
The SDK provides access to 36 different areas of de.iterate, organized by category:
Core GRC (Governance, Risk, Compliance)
| Area | What You Can Do |
|---|---|
| Risks | Create, update, review, and archive risk register entries |
| Assets | Manage your asset inventory and track reviews |
| Assurance Tasks | Schedule and complete compliance tasks with evidence |
| Documents | Access the document library and manage reviews |
| Checklists | Manage checklist templates and completions |
| Policies | Manage policy documents, versions, and approvals |
| Processes | Document and manage business processes |
| Objectives | Track security objectives and key results (OKRs) |
Audit & Compliance
| Area | What You Can Do |
|---|---|
| Audits | Schedule audits, track progress, manage audit lifecycle |
| Findings | Record and track non-conformities and audit findings |
| Incidents | Log and manage security incidents |
| Corrective Actions | Track remediation activities linked to findings |
| Compliance Calendar | Access scheduled reviews and upcoming activities |
Controls & Frameworks
| Area | What You Can Do |
|---|---|
| Controls | View control library across frameworks (ISO 27001, SOC 2, etc.) |
| SOA (Statement of Applicability) | Track control implementation status and justifications |
| MCM (Master Control Matrix) | Map controls across multiple frameworks |
| Frameworks | Manage which compliance frameworks are active |
| SOC 2 Matrix | Access SOC 2-specific control mappings |
Data & Legal
| Area | What You Can Do |
|---|---|
| Data Retention | Manage data retention schedules and policies |
| Legal Obligations | Track legal and regulatory requirements |
| Scope | Define and manage ISMS scope |
Organization & Users
| Area | What You Can Do |
|---|---|
| Users | View team members and their roles |
| Roles | Manage role definitions and permissions |
| Company | Update organization settings and branding |
| Special Interest Groups | Manage interested parties and stakeholders |
Integration & Automation
| Area | What You Can Do |
|---|---|
| Webhooks | Set up real-time event notifications |
| API Tokens | Manage API access credentials |
| Notifications | Access and manage user notifications |
| AI Suggestions | Review and accept AI-generated task recommendations |
Third-Party & Vendor Management
| Area | What You Can Do |
|---|---|
| Vendor Scores | Get security ratings for third-party vendors |
Platform Administration
| Area | What You Can Do |
|---|---|
| Onboarding | Track user onboarding progress |
| MSP Features | Access managed service provider capabilities |
| User Reports | Access user analytics and training completion |
| Reading Progress | Track document reading and acknowledgment |
Common Questions
Is my data safe?
Yes. The SDK communicates with de.iterate over encrypted connections (HTTPS), and all access requires authentication. Your data never leaves the de.iterate platform—the SDK just provides a way to interact with it programmatically.
Do I need to be a programmer to use the SDK?
Yes, using the SDK requires software development skills. However, once a developer builds an integration, anyone can benefit from the automation.
Will using the SDK affect our de.iterate subscription?
The SDK uses the same data and features as your web interface. API usage may be subject to rate limits depending on your subscription tier. Contact de.iterate sales for details.
Can the SDK break our compliance setup?
The SDK has the same permissions as the API key used. We recommend using separate keys with limited permissions for each integration, and testing in a development environment first.
How do we get started?
- Request API access from your de.iterate account manager
- Share the technical documentation (README.md) with your development team
- Start small with a simple integration (like syncing data to a spreadsheet)
- Expand to more complex automations as you gain confidence
Use Case Examples by Industry
Financial Services
- Automatically update risk assessments when market conditions change
- Sync compliance tasks with regulatory reporting calendars
- Generate audit-ready evidence packages
Healthcare
- Link asset management to medical device tracking systems
- Automate HIPAA compliance documentation
- Track policy acknowledgments across departments
Technology Companies
- Integrate with security tools (SIEM, vulnerability scanners)
- Automate SOC 2 evidence collection
- Sync with DevOps pipelines for change management
Professional Services
- Manage client-specific compliance requirements
- Automate recurring audit preparations
- Generate compliance reports for client presentations
Getting Help
For Business Users
- Contact your internal IT/development team to discuss integration possibilities
- Speak with your de.iterate account manager about available resources
For Developers
- Technical Documentation: See README.md for complete API reference
- Examples: Check the examples folder for code samples
- Support: Email support@deiterate.com or visit the developer community
Summary
The de.iterate SDK is a powerful tool that enables automation and integration of your compliance activities. While it requires technical expertise to implement, the benefits include:
- ⏱️ Time savings through automation
- 🎯 Accuracy by eliminating manual data entry
- 📊 Visibility through custom reporting
- 🔗 Integration with your existing tools
- ⚡ Speed in responding to compliance events
Whether you're looking to streamline audit preparation, keep your risk register current, or build custom compliance dashboards, the SDK provides the foundation to make it happen.
Last updated: January 2025