Nine Compliance Standards
SOX 404
Financial controls, access management, segregation of duties, change management audit trails.
SOC 2
Security, availability, processing integrity, confidentiality, and privacy. Trust services criteria mapping.
HIPAA
Protected health information handling, access controls, encryption requirements, breach notification readiness.
GDPR
Data subject rights, consent management, data retention policies, cross-border transfer controls.
PCI-DSS
Payment card data handling, encryption standards, access logging, network segmentation verification.
FERPA / GLBA / NIST / CIS
Education records (FERPA), financial privacy (GLBA), the NIST cybersecurity framework, and Center for Internet Security (CIS) benchmarks.