Compliance Frameworks

Industry-leading compliance frameworks with automated control mapping and evidence collection.

SOC

SOC 2

Service Organization Control 2

The SOC 2 framework defines criteria for managing customer data based on five Trust Service Criteria: security, availability, processing integrity, confidentiality, and privacy.

SecurityAvailabilityConfidentialityProcessing Integrity

controls

active

ISO

ISO 27001

ISO/IEC 27001:2022

International standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).

Asset ManagementAccess ControlCryptographyOperations

controls

active

FedR

FedRAMP

Federal Risk and Authorization Management Program

A government-wide program providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

Access ControlAudit & AccountabilityConfigurationIdentification

325

controls

active

HIPA

HIPAA

Health Insurance Portability and Accountability Act

Sets national standards for the protection of individually identifiable health information, including administrative, physical, and technical safeguards.

Administrative SafeguardsPhysical SafeguardsTechnical SafeguardsBreach Notification

controls

active

GDPR

General Data Protection Regulation

EU regulation on data protection and privacy for all individuals within the EU and European Economic Area, with extraterritorial applicability.

Lawfulness of ProcessingData Subject RightsController ObligationsInternational Transfers

controls

active

NIST

NIST 800-53

NIST Special Publication 800-53

Security and privacy controls for federal information systems and organizations, providing a comprehensive catalog of security and privacy controls.

Access ControlAuditConfiguration ManagementContingency Planning

1000

controls

active

← Compliance Overview

Compliance Frameworks

Industry-leading compliance frameworks with automated control mapping and evidence collection.

SOC

SOC 2

Service Organization Control 2

The SOC 2 framework defines criteria for managing customer data based on five Trust Service Criteria: security, availability, processing integrity, confidentiality, and privacy.

SecurityAvailabilityConfidentialityProcessing Integrity

controls

active

ISO

ISO 27001

ISO/IEC 27001:2022

International standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS).

Asset ManagementAccess ControlCryptographyOperations

controls

active

FedR

FedRAMP

Federal Risk and Authorization Management Program

A government-wide program providing a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services.

Access ControlAudit & AccountabilityConfigurationIdentification

325

controls

active

HIPA

HIPAA

Health Insurance Portability and Accountability Act

Sets national standards for the protection of individually identifiable health information, including administrative, physical, and technical safeguards.

Administrative SafeguardsPhysical SafeguardsTechnical SafeguardsBreach Notification

controls

active

GDPR

General Data Protection Regulation

EU regulation on data protection and privacy for all individuals within the EU and European Economic Area, with extraterritorial applicability.

Lawfulness of ProcessingData Subject RightsController ObligationsInternational Transfers

controls

active

NIST

NIST 800-53

NIST Special Publication 800-53

Security and privacy controls for federal information systems and organizations, providing a comprehensive catalog of security and privacy controls.

Access ControlAuditConfiguration ManagementContingency Planning

1000

controls

active