Global compliance for complex teams

SOC 2 Type II

Security • Availability • Confidentiality

Industries: SaaS, FinTech

Policy generation, evidence reminders, auditor exports

SOC 1 Type II

Financial reporting controls • Service org trust

Industries: FinTech, Financial Services

Control narratives, sampling automation, variance dashboards

HIPAA / HITECH

Privacy • Security • Breach notification

Industries: Healthcare, Life Sciences

BAA templates, PHI redaction, incident logs

HITRUST CSF

Harmonized controls across HIPAA, NIST, ISO

Industries: Healthcare, Life Sciences

Inheritance mapping, maturity scoring, assessor-ready evidence packs

GDPR + UK GDPR

Article mapping • RoPA • DPIA

Industries: Global SaaS, E-commerce

Data map sync, subject request workflows

CPRA / CCPA

US consumer privacy rights • Data minimization

Industries: E-commerce, Enterprise

Do-not-sell registries, preference centers, DSAR fulfillment

ISO 27001

Annex A controls

Industries: Enterprise, Government

Risk register sync, control health scoring

ISO 27701

Privacy Information Management System add-on

Industries: Enterprise, Government

PIA workflows, processor/sub-processor attestation tracking

ISO 22301

Business continuity • Disaster recovery readiness

Industries: Enterprise, Critical Infrastructure

BCP runbooks, scenario testing schedules, auditor exports

PCI-DSS

Network • Access • Monitoring

Industries: FinTech, Payments

Control monitoring, gateway evidence collectors

NIST CSF 2.0

Identify • Protect • Detect • Respond • Recover

Industries: Critical Infrastructure, Enterprise

Tier scoring matrices, gap analysis tasks, exec-ready heatmaps

NIST SP 800-53 Rev 5

Security controls for US federal workloads

Industries: Government, Public Sector

Control tailoring, SSP automation, POA&M tracking

FedRAMP Moderate

US federal cloud authorization baseline

Industries: SaaS, Government

Boundary diagrams, continuous monitoring packets, 3PAO exports

CMMC 2.0 Level 2

DFARS / DoD supplier security expectations

Industries: Defense, Manufacturing

Assessment scoring, SPRS upload kits, remediation workflows

SOX / ICFR

Financial reporting integrity • ITGC alignment

Industries: Financial Services, Enterprise

Control ownership, walkthrough documentation, quarterly certification tracking

PIPEDA

Canadian federal privacy principles

Industries: SaaS, Healthcare

Consent models, breach logs, data residency attestations

OSFI B-13 Technology & Cyber Risk

Canadian banking guidance for resilience

Industries: Financial Services, Enterprise

Control-to-guideline mapping, vendor risk workflows, regulator-ready briefs

UK Cyber Essentials Plus

Baseline UK government security controls

Industries: Government, SaaS

Self-assessment evidence, penetration test tracking, certificate packages

NHS DSP Toolkit

UK health data security & protection

Industries: Healthcare, Public Sector

IGT submissions, safeguard attestations, incident evidence logs

Australian Privacy Act (APP)

Australian Privacy Principles for regulated entities

Industries: Enterprise, Healthcare

Collection notices, consent tracking, OAIC-ready reporting bundles

ASD Essential Eight

Australian Signals Directorate mitigation strategies

Industries: Government, Critical Infrastructure

Maturity scoring, patch cadence evidence, hardening playbooks

IRAP PROTECTED

Australian federal cloud assessment (PROTECTED level)

Industries: Government, Enterprise

IRAP assessor packages, control inheritance mapping, continuous monitoring kits

APRA CPS 234

Australian financial services cyber resilience

Industries: Financial Services, Banking

Board reporting, incident SLAs, prudential review evidence