Compliance Frameworks
32+ Compliance Frameworks in One Platform
From information security to GxP, privacy to quality management — everything your GRC team needs.
Security & IT
ISO 27001:2022
Information Security Management
Full ISMS with 93 Annex A controls. SOA generation, internal audits, risk assessments, control mapping, gap analysis, and certification readiness.
SOC 2 Type II
Trust Services Criteria
All 5 trust service categories (Security, Availability, Processing Integrity, Confidentiality, Privacy). Continuous control monitoring and evidence collection.
ISO 27017
Cloud Security Controls
Cloud-specific security controls extending ISO 27001 for cloud service providers and customers.
ISO 27018
Cloud Privacy
PII protection in public clouds. Extends ISO 27001 with cloud privacy-specific controls.
NIST CSF
Cybersecurity Framework
Identify, Protect, Detect, Respond, Recover functions with 108 subcategories. Cross-mapped to ISO 27001.
PCI-DSS
Payment Card Industry
12 requirements for cardholder data protection. SAQ generation and compliance tracking.
CIS Controls
Critical Security Controls
18 prioritized cybersecurity controls. Implementation group tracking (IG1/IG2/IG3).
TISAX
Automotive (VDA)
German automotive industry information security assessment. ISA catalog compliance.
Cyber Essentials
UK Government Standard
UK mandatory cybersecurity certification scheme. 5 technical security controls.
FedRAMP
US Federal Cloud
US federal government cloud security authorization. NIST 800-53 based controls.
Privacy Regulations
GDPR
EU General Data Protection
Full GDPR compliance — DPIAs, DSR management, RoPA, consent management, breach notifications, data flow mapping, cookie scanning, Privacy by Design assessments.
CCPA/CPRA
California Consumer Privacy
Consumer rights management, opt-out mechanisms, "Do Not Sell" tracking, data deletion workflows.
LGPD
Brazil Data Protection
Brazilian privacy law compliance with DPO requirements, consent management, and cross-border transfer safeguards.
PIPEDA
Canada Privacy
Canadian privacy compliance with fair information principles and consent requirements.
POPIA
South Africa Privacy
Protection of Personal Information Act compliance with information officer registration.
Amendment 13
Israel Privacy Law
Israeli Privacy Protection Regulation with database registration and cross-border transfer controls.
ISO 27701
Privacy Information Management
PIMS extension to ISO 27001 — privacy-specific controls for both controllers and processors.
Healthcare
HIPAA
US Healthcare
Privacy Rule, Security Rule, and Breach Notification Rule. Administrative, physical, and technical safeguards.
ISO 27799
Health Informatics
Healthcare-specific guidance for ISO 27001 implementation in health organizations.
Life Sciences / GxP
FDA 21 CFR 210/211
GMP (US)
Current Good Manufacturing Practice for pharmaceutical manufacturing. 37 controls covering personnel, facilities, equipment, production, lab controls, records, and distribution.
EU GMP
GMP (European Union)
European Union Good Manufacturing Practice — Annex 1-20 covering sterile manufacturing, APIs, radiopharmaceuticals, and more.
ICH Q7
API GMP
Good Manufacturing Practice for Active Pharmaceutical Ingredients. Quality management, personnel, buildings, process controls.
ICH Q10
Pharmaceutical Quality System
Pharmaceutical Quality System model — process monitoring, CAPA, change management, management review, knowledge management.
ISO 13485
Medical Devices QMS
Quality Management System for medical devices — design controls, purchasing, production, traceability, CAPA, post-market surveillance.
21 CFR Part 11
Electronic Records & Signatures
12 controls for electronic records — system validation, audit trails, access control, authority checks, e-signature components with two-factor auth.
GAMP 5
Computer System Validation
ISPE GAMP 5 methodology for computerized system validation (CSV) and the newer risk-based CSA approach. Category 1-5 classification.
Quality & Governance
ISO 9001
Quality Management
Quality Management System standard. Process approach, risk-based thinking, continual improvement.
ISO 90003
Software Quality
Guidelines for application of ISO 9001 to computer software development and maintenance.
ISO 22301
Business Continuity
Business Continuity Management System — BIA, BC plans, DR testing, incident recovery.
ISO 42001
AI Management System
AI governance and risk management — responsible AI deployment, bias detection, transparency.
DORA
EU Financial Resilience
Digital Operational Resilience Act — ICT risk management for EU financial entities.
COBIT
IT Governance
IT governance and management framework for enterprise IT alignment.
What the Platform Offers for Every Framework
Control Library
2,000+ controls with cross-framework mapping
Compliance Assessments
Per-control assessment with evidence & gaps
SOA & Export
Statement of Applicability with PDF/Excel export
Compliance Score
Dynamic per-framework score with scoring strategy
Internal Audits
Audit programs, findings, CAPA & tracking
Policy Management
Policy templates, version control, approvals
Risk Management
Risk register, heat map, KRIs, AI Discovery
Executive Reports
PDF/Excel reports for audits, board, clients
Ready to get started?
Contact compliance team — Response within 2 business days