Global Compliance Coverage

One platform to satisfy access review requirements across every major regulatory framework globally.

Global Frameworks & Audits

ISO/IEC 27001:2022

Full support for supplier relationship controls (Annex A 5.19) and supplier monitoring/review (Annex A 5.22).

SOC 2 (AICPA TSC)

Built for governance over third parties impacting security and logical access (Trust Services Criteria).

PCI DSS

Streamlined service-provider oversight for vendors touching cardholder data environments.

EU Cyber Resilience Act

Ensuring compliance with upcoming EU requirements for digital product security and supply chain integrity.

Europe (EU-wide)

GDPR

Automated evidence for audit/inspection rights, making vendor audit compliance a standard process.

NIS2 Directive

Comprehensive tools for expanded supply-chain and third‑party risk management expectations.

DORA

Financial services ICT third‑party risk management across due diligence, contracting, and ongoing monitoring.

North America

NYDFS (23 NYCRR 500)

Support for third‑party service provider security policies with due diligence and periodic assessments.

HIPAA

Vendor safeguards and audit/evidence readiness for PHI handling via Business Associate Agreements.

CMMC 2.0

Subcontractor assurance for US DoD supply chain 'flow down' requirements when handling FCI/CUI.

Executive Order 14028

Meeting US federal software supply chain expectations and SBOM security requirements.

OSFI Guideline B-10

Third‑party risk management for federally regulated financial institutions in Canada.

PIPEDA & Law 25

Canadian accountability principles and tightened outsourcing safeguards for service-provider agreements.

Australia

APRA CPS 234

Assurance of third parties that manage/hold information assets in the financial sector.

SOCI Act + CIRMP

Supply chain hazard consideration and supplier scrutiny for critical infrastructure.

Cyber Security Act 2024

Ransomware reporting readiness and stronger vendor evidence collection obligations.

Country Specific (UK & Europe)

UK NIS & Cyber Bill

Supply-chain resilience and designation of critical suppliers with direct security obligations.

Germany IT Security Act 2.0

BSIG 'critical components' provisions requiring increased supplier scrutiny and assurance.

France LPM / OIV

ANSSI-aligned rules for operators of vital importance involving formal audits and reviews.

Italy Perimetro Nazionale

Heightened compliance and supplier assurance expectations for designated national entities.

Compliance Without Complexity

Built to make auditors happy and your life easier.

Framework-Agnostic Evidence

Generate a single evidence package that maps to multiple controls across different frameworks simultaneously.

Custom Certification Workflows

Design review processes that match your internal policies, from simple self-certifications to multi-stage manager approvals.

Multi-Jurisdiction Reporting

Filter and export audit data based on user location or data residency requirements to satisfy local regulations.