Making compliance feel manageable,
not overwhelming.
Designed the policy management platform for Oppos. This is a cybersecurity compliance tool built for SMBs navigating audits without dedicated compliance teams.
Background
The Company ↗
Oppos provides cybersecurity compliance services to SMBs — companies that need to meet regulatory standards but don't have dedicated compliance teams.
The Problem
For a small business facing a SOC2 audit, policy management usually means a folder of Word docs. At the time, multiple features were in progress and constantly shipping: onboarding questions, template editing, policy upload, and more.
The Users
User 01
The IT Lead
Owns technical policies like access control and data security. Needs to track what's published, what's outdated, and what needs review.
User 02
The HR Manager
Owns people policies — onboarding, offboarding, role changes. Only wants to see what's relevant to HR, not 200 documents they don't own.
The Design System
Ant Design System
Oppos is built on Ant Design. I worked alongside the lead designer to build and maintain the component library, and all my design work was done within this system — ensuring consistency across the product while moving fast.
Design Decisions
Decision 01
Crafting onboarding questions that serve a system, not just the user
The onboarding form asks about company location, data handling, work structure, and compliance framework. Each answer shapes which policies get recommended and which controls apply. The questions exist because the backend needs structured data to personalise the compliance path. Asking upfront means the platform can do the heavy lifting later.
Decision 02
Two paths for two types of user scenario
The last step of onboarding asks users a simple question: do you already have policy documents, or are you starting from scratch? Rather than forcing everyone through the same path, we give them a choice upfront.
Decision 03
View and edit policy and controls all in one space
The editor uses a split layout: left for writing, right for managing. Version numbers, assigned groups, status dropdowns live in the panel — not the document body. Structured fields create a single source of truth the system can query, filter, and display on the dashboard.
Design
Fig 1: Onboarding questions that shape your compliance path
Reflections
Designing agile, designing within a system
This was my first time designing for a compliance context and working within an agile team. Frequent check-ins with developers sharpened my understanding of design handoff. It was also my first time designing within an established system for a complex product, which taught me how constraints can actually speed you up.