One evidence graph, every framework

A single passing test can satisfy controls across multiple frameworks. Add your next framework and reuse the work you've already done — instead of starting over.

Get a demo See how pricing works

SOC 2

ISO/IEC 27001

CMMC

HIPAA

GDPR

PCI DSS

FedRAMP

ISO/IEC 42001

ISO/IEC 27701

NIST AI RMF

NIS2

DORA

EU AI Act

SOX

Cyber Essentials

Custom frameworks

The cross-mapping advantage

Do the work once, prove it many times

Most frameworks ask for the same security fundamentals in different words. Instead of running a separate program per framework, you maintain one set of controls and evidence — and map it to every framework that needs it.

One control, many frameworks

Each control is defined once and linked to the framework requirements it satisfies — so a single control can answer SOC 2, ISO 27001, and more at the same time.

One test, reused everywhere

An automated test that proves a control is operating feeds every framework that control is mapped to. A passing test counts in all of them at once.

Add the next framework faster

When you add a framework, we surface what's already covered by existing evidence and what's genuinely new — so you start from your current posture, not from zero.

Breadth of coverage

Frameworks across every category you'll be asked for

Security, privacy, government, AI governance, EU resilience, and your own internal control sets — managed side by side on one evidence graph.

Security & trust

SOC 2
ISO/IEC 27001
PCI DSS
Cyber Essentials

Privacy

GDPR
ISO/IEC 27701
HIPAA

Government & defense

CMMC
FedRAMP
SOX

AI governance

ISO/IEC 42001
NIST AI RMF
EU AI Act

EU resilience

NIS2
DORA

Your own

Custom frameworks
Internal control sets

Every framework we cover

Open any framework for a plain-language explanation, who needs it, key control areas, typical effort, and how we help you get and stay compliant.

SOC 2

AICPA Trust Services Criteria for service organizations.

ISO/IEC 27001

International standard for information security management.

CMMC

U.S. DoD cybersecurity certification for the defense base.

HIPAA

U.S. rules for protecting health information.

GDPR

EU regulation governing personal data protection.

PCI DSS

Security standard for handling payment card data.

FedRAMP

U.S. program for cloud services used by federal agencies.

ISO/IEC 42001

International standard for AI management systems.

ISO/IEC 27701

Privacy information management extension to ISO 27001.

NIST AI RMF

NIST framework for managing AI risk.

NIS2

EU directive on cybersecurity for essential and important entities.

DORA

EU regulation on digital operational resilience for the financial sector.

EU AI Act

EU regulation establishing risk-based rules for AI systems.

SOX

U.S. law requiring internal control over financial reporting (IT general controls).

Cyber Essentials

UK government-backed baseline cyber hygiene scheme.

Coverage page coming soon

Custom frameworks

Bring your own control set and map it to evidence.

Coverage page coming soon

Not sure which framework to start with?

Get a demo and we'll help you map your goals to the right framework.

Get a demo Browse resources

One evidence graph, every framework

A single passing test can satisfy controls across multiple frameworks. Add your next framework and reuse the work you've already done — instead of starting over.

Get a demo See how pricing works

SOC 2

ISO/IEC 27001

CMMC

HIPAA

GDPR

PCI DSS

FedRAMP

ISO/IEC 42001

ISO/IEC 27701

NIST AI RMF

NIS2

DORA

EU AI Act

SOX

Cyber Essentials

Custom frameworks

The cross-mapping advantage

Do the work once, prove it many times

One control, many frameworks

Each control is defined once and linked to the framework requirements it satisfies — so a single control can answer SOC 2, ISO 27001, and more at the same time.

One test, reused everywhere

An automated test that proves a control is operating feeds every framework that control is mapped to. A passing test counts in all of them at once.

Add the next framework faster

When you add a framework, we surface what's already covered by existing evidence and what's genuinely new — so you start from your current posture, not from zero.

Breadth of coverage

Frameworks across every category you'll be asked for

Security, privacy, government, AI governance, EU resilience, and your own internal control sets — managed side by side on one evidence graph.

Security & trust

SOC 2
ISO/IEC 27001
PCI DSS
Cyber Essentials

Privacy

GDPR
ISO/IEC 27701
HIPAA

Government & defense

CMMC
FedRAMP
SOX

AI governance

ISO/IEC 42001
NIST AI RMF
EU AI Act

EU resilience

NIS2
DORA

Your own

Custom frameworks
Internal control sets

Every framework we cover

Open any framework for a plain-language explanation, who needs it, key control areas, typical effort, and how we help you get and stay compliant.

SOC 2

AICPA Trust Services Criteria for service organizations.

ISO/IEC 27001

International standard for information security management.

CMMC

U.S. DoD cybersecurity certification for the defense base.

HIPAA

U.S. rules for protecting health information.

GDPR

EU regulation governing personal data protection.

PCI DSS

Security standard for handling payment card data.

FedRAMP

U.S. program for cloud services used by federal agencies.

ISO/IEC 42001

International standard for AI management systems.

ISO/IEC 27701

Privacy information management extension to ISO 27001.

NIST AI RMF

NIST framework for managing AI risk.

NIS2

EU directive on cybersecurity for essential and important entities.

DORA

EU regulation on digital operational resilience for the financial sector.

EU AI Act

EU regulation establishing risk-based rules for AI systems.

SOX

U.S. law requiring internal control over financial reporting (IT general controls).

Cyber Essentials

UK government-backed baseline cyber hygiene scheme.

Coverage page coming soon

Custom frameworks

Bring your own control set and map it to evidence.

Coverage page coming soon

Not sure which framework to start with?

Get a demo and we'll help you map your goals to the right framework.

Get a demo Browse resources