Skip to main content

Compliance Frameworks

32+ Compliance Frameworks in One Platform

From information security to GxP, privacy to quality management — everything your GRC team needs.

Security & IT

ISO 27001:2022

Information Security Management

Full ISMS with 93 Annex A controls. SOA generation, internal audits, risk assessments, control mapping, gap analysis, and certification readiness.

Risk ManagementControl LibrarySOAInternal AuditsPolicy ManagementAsset Management

SOC 2 Type II

Trust Services Criteria

All 5 trust service categories (Security, Availability, Processing Integrity, Confidentiality, Privacy). Continuous control monitoring and evidence collection.

Control LibraryEvidence CollectionAudit ManagementPolicy Management

ISO 27017

Cloud Security Controls

Cloud-specific security controls extending ISO 27001 for cloud service providers and customers.

Control LibraryCloud Assessment

ISO 27018

Cloud Privacy

PII protection in public clouds. Extends ISO 27001 with cloud privacy-specific controls.

Control LibraryPrivacy Assessment

NIST CSF

Cybersecurity Framework

Identify, Protect, Detect, Respond, Recover functions with 108 subcategories. Cross-mapped to ISO 27001.

Control LibraryRisk ManagementIncident Response

PCI-DSS

Payment Card Industry

12 requirements for cardholder data protection. SAQ generation and compliance tracking.

Control LibraryVendor ManagementAudit Management

CIS Controls

Critical Security Controls

18 prioritized cybersecurity controls. Implementation group tracking (IG1/IG2/IG3).

Control LibraryVulnerability Management

TISAX

Automotive (VDA)

German automotive industry information security assessment. ISA catalog compliance.

Control LibraryAssessment Management

Cyber Essentials

UK Government Standard

UK mandatory cybersecurity certification scheme. 5 technical security controls.

Control LibrarySelf-Assessment

FedRAMP

US Federal Cloud

US federal government cloud security authorization. NIST 800-53 based controls.

Control LibraryContinuous Monitoring

Privacy Regulations

GDPR

EU General Data Protection

Full GDPR compliance — DPIAs, DSR management, RoPA, consent management, breach notifications, data flow mapping, cookie scanning, Privacy by Design assessments.

DPIADSR ManagementConsent ManagementCookie ScannerRoPAData Flow MappingPrivacy by DesignBreach Management

CCPA/CPRA

California Consumer Privacy

Consumer rights management, opt-out mechanisms, "Do Not Sell" tracking, data deletion workflows.

DSR ManagementConsent ManagementData Inventory

LGPD

Brazil Data Protection

Brazilian privacy law compliance with DPO requirements, consent management, and cross-border transfer safeguards.

DSR ManagementConsent ManagementData Flow Mapping

PIPEDA

Canada Privacy

Canadian privacy compliance with fair information principles and consent requirements.

DSR ManagementConsent Management

POPIA

South Africa Privacy

Protection of Personal Information Act compliance with information officer registration.

DSR ManagementConsent Management

Amendment 13

Israel Privacy Law

Israeli Privacy Protection Regulation with database registration and cross-border transfer controls.

DSR ManagementData Flow MappingConsent Management

ISO 27701

Privacy Information Management

PIMS extension to ISO 27001 — privacy-specific controls for both controllers and processors.

Control LibraryPrivacy AssessmentData Flow Mapping

Healthcare

HIPAA

US Healthcare

Privacy Rule, Security Rule, and Breach Notification Rule. Administrative, physical, and technical safeguards.

Control LibraryRisk ManagementIncident ResponsePolicy Management

ISO 27799

Health Informatics

Healthcare-specific guidance for ISO 27001 implementation in health organizations.

Control LibraryRisk Management

Life Sciences / GxP

FDA 21 CFR 210/211

GMP (US)

Current Good Manufacturing Practice for pharmaceutical manufacturing. 37 controls covering personnel, facilities, equipment, production, lab controls, records, and distribution.

Control LibraryCAPATraining ManagementChange ControlSupplier QualificationE-Signatures

EU GMP

GMP (European Union)

European Union Good Manufacturing Practice — Annex 1-20 covering sterile manufacturing, APIs, radiopharmaceuticals, and more.

Control LibraryCAPATraining ManagementChange Control

ICH Q7

API GMP

Good Manufacturing Practice for Active Pharmaceutical Ingredients. Quality management, personnel, buildings, process controls.

Control LibraryCAPASupplier Qualification

ICH Q10

Pharmaceutical Quality System

Pharmaceutical Quality System model — process monitoring, CAPA, change management, management review, knowledge management.

Control LibraryCAPAChange ControlManagement Review

ISO 13485

Medical Devices QMS

Quality Management System for medical devices — design controls, purchasing, production, traceability, CAPA, post-market surveillance.

Control LibraryCAPATraining ManagementSupplier QualificationChange ControlDesign Controls

21 CFR Part 11

Electronic Records & Signatures

12 controls for electronic records — system validation, audit trails, access control, authority checks, e-signature components with two-factor auth.

E-Signature LogAudit TrailAccess ControlSystem Validation (CSV/CSA)

GAMP 5

Computer System Validation

ISPE GAMP 5 methodology for computerized system validation (CSV) and the newer risk-based CSA approach. Category 1-5 classification.

System Validation (CSV/CSA)Validation PlansTest Protocols (IQ/OQ/PQ)RTMPeriodic Reviews

Quality & Governance

ISO 9001

Quality Management

Quality Management System standard. Process approach, risk-based thinking, continual improvement.

Control LibraryAudit ManagementCAPAPolicy Management

ISO 90003

Software Quality

Guidelines for application of ISO 9001 to computer software development and maintenance.

Control LibraryPolicy Management

ISO 22301

Business Continuity

Business Continuity Management System — BIA, BC plans, DR testing, incident recovery.

BIABC PlansDR TestingIncident Response

ISO 42001

AI Management System

AI governance and risk management — responsible AI deployment, bias detection, transparency.

Control LibraryRisk ManagementPolicy Management

DORA

EU Financial Resilience

Digital Operational Resilience Act — ICT risk management for EU financial entities.

Risk ManagementIncident ResponseVendor ManagementBusiness Continuity

COBIT

IT Governance

IT governance and management framework for enterprise IT alignment.

Control LibraryRisk Management

What the Platform Offers for Every Framework

Control Library

2,000+ controls with cross-framework mapping

Compliance Assessments

Per-control assessment with evidence & gaps

SOA & Export

Statement of Applicability with PDF/Excel export

Compliance Score

Dynamic per-framework score with scoring strategy

Internal Audits

Audit programs, findings, CAPA & tracking

Policy Management

Policy templates, version control, approvals

Risk Management

Risk register, heat map, KRIs, AI Discovery

Executive Reports

PDF/Excel reports for audits, board, clients

Ready to get started?

Contact compliance team — Response within 2 business days