Saporo Compliance Risk
Compliance and identity risk platform mapping controls to frameworks

Saporo Compliance Risk Description
Saporo Compliance Risk is a compliance and identity risk management platform that maps over 500 controls across multiple frameworks including ISO 27001, ANSSI, CIS, and MITRE ATT&CK. The platform connects compliance requirements to identity-based security risks by analyzing permissions, misconfigurations, and access patterns.

The tool provides graph-based visualization that links permissions and misconfigurations directly to compliance frameworks. It maintains a complete audit trail tracking all changes, including what was modified, who made the change, and when it occurred. This audit trail provides evidence for access reviews and remediation activities during compliance audits.

Saporo calculates risk scores using two metrics: Propagation Score measures potential damage if a node is compromised based on reach to critical assets, while Attack Opportunity Score evaluates how easily attackers can compromise a node based on misconfigurations and access. Quadrant analysis identifies nodes that are easily reachable, exploitable, and high-impact for remediation prioritization.

The platform continuously monitors for compliance drift and configuration changes, correlating them with compliance and risk impact. It provides real-time alerts on compliance drift, privilege changes, and high-risk modifications. Misconfiguration scores track progress over time across different frameworks and assets.

Saporo includes detailed remediation guidance with optional AI assistance to accelerate fixes. It validates that permissions are actively used to reduce dormant privileges across environments.
Saporo Compliance Risk FAQ
Common questions about Saporo Compliance Risk including features, pricing, alternatives, and user reviews.
Saporo Compliance Risk is a compliance and identity risk platform, developed by Saporo, that maps controls to frameworks. It is a GRC solution designed to help security teams with CIS, NIST, and Attack Paths.