AnkosDocs
The App

The Onboarding Wizard

The five questions Ankos asks when you sign up, and what each one changes in your compliance ledger.

When you sign up, Ankos runs a five-question wizard that configures your ledger before you ever see it. The goal is to skip the "blank spreadsheet" moment — you land on a ledger that already reflects your company, not a generic template.

You can skip any question. Skipped answers fall back to safe defaults (full scope, no assignments, no target date). Every choice can be adjusted later.

Question 1 — How do customers pay you?

Options: hosted-only, tokenized, in-person, multi-channel, other.

What it changes. If you answer hosted-only (your customers pay on a hosted Stripe / Braintree / Adyen page and card data never touches your infrastructure), Ankos marks the following entries as not_applicable with a pre-filled justification:

  • CHD-01, CHD-02.1, CHD-03, CHD-04 — cardholder data storage and handling
  • MED-01 — media controls for stored cardholder data

Question 2 — Where does your infrastructure run?

Options: AWS-only, GCP-only, multi-cloud, physical, other.

What it changes. If you answer AWS-only, GCP-only, or multi-cloud (no physical data center or on-premise servers), Ankos marks the following entries as not_applicable:

  • MED-01 — physical media handling
  • PCL-01 — PCs and laptops in a physical CDE

Question 3 — When is your target assessment date?

Options: under 30 days, 1–3 months, 3–6 months, 6+ months, none yet.

What it changes. Ankos computes a target completion date and writes it on the cycle. If you answer under 30 days, these long-lead items are flagged as Priority 1 so you start them immediately:

  • POL-01, POL-02, POL-03 — policy authoring
  • TRN-01 — security awareness training rollout
  • AS-02.3 — incident response plan

Question 4 — Who handles infrastructure and security configs?

A single email address. This person is pre-assigned as owner of the infrastructure-heavy categories: Servers, Network Devices, Key Management, Log Management, MFA, Intrusion Detection, FIM, Cloud Service Providers, VPN, WAF, Patching, and Antivirus.

If the email isn't an existing Ankos user, they get a branded invite email (as Editor) with context about what they'll own.

Question 5 — Who handles policies, training, and compliance docs?

A single email address, or a checkbox for "same as infrastructure owner." This person owns: Policies & Standards, Training, Reviews, PCI Documents, Employees & Contractors, Support, Customers, and Assessments.

If the same person owns both, the two assignments are combined into a single invite with the total entry count.

The completion screen

After the wizard runs you'll see a summary with:

  • In-scope — total entries you'll actually work on
  • Marked N/A — entries scoped out based on your answers
  • Assigned to each owner — broken down by role
  • Unassigned — anything not covered by the two owners, assignable from the ledger later
  • Priority 1 — urgent-bucket items (only if you chose "under 30 days")
  • Your top 3 priorities — personalized starting points

You can re-run none of this; all state lives in the ledger and is editable from the cycle detail and entry detail pages.

Next steps

Compliance Ledger

Cycles, entries, DRL categories, and the six states.

Team and roles

How invites work and who can do what.

SaaS Quickstart

Sign up, answer five questions, and see your compliance ledger populate with evidence in under five minutes.

The Compliance Ledger

Cycles, entries, DRL categories, custom categories, and the six states every entry moves through.

On this page

Question 1 — How do customers pay you?Question 2 — Where does your infrastructure run?Question 3 — When is your target assessment date?Question 4 — Who handles infrastructure and security configs?Question 5 — Who handles policies, training, and compliance docs?The completion screenNext steps