Frameworks

Eight frameworks ready. Unlimited more, on your terms.

ComplyIT365 ships with pre-mapped controls for the most demanded frameworks worldwide. Add your own frameworks, controls, and mappings — no code, no consultants.

ISO 27001
Global
Ready

The international standard for Information Security Management Systems (ISMS). Requires policies, risk treatment, and Annex A controls.

93 controls · 4 themes · 2022 revision

SOC 2
US-led, global
Ready

Trust Services Criteria audit developed by the AICPA. Security, Availability, Confidentiality, Integrity, and Privacy.

5 TSCs · Type I / Type II reporting

HIPAA
USA
Ready

US Health Insurance Portability & Accountability Act. Security Rule for electronic Protected Health Information (ePHI).

Administrative · Physical · Technical safeguards

PCI DSS
Global
Ready

Payment Card Industry Data Security Standard for organisations handling cardholder data.

12 requirements · 4.0 released 2022

GDPR
European Union
Ready

EU General Data Protection Regulation. Rights of the data subject, DPO, DPIA, cross-border transfer rules.

99 articles · 72-hour breach notification

NIST CSF
USA / Global
Ready

US National Institute of Standards & Technology Cybersecurity Framework. Identify, Protect, Detect, Respond, Recover.

6 functions · 2.0 released 2024

DPDP Act
India
Ready

India's Digital Personal Data Protection Act. Consent, purpose limitation, data principal rights.

Passed 2023 · Enforcement 2025+

MAS TRM
Singapore
Ready

Monetary Authority of Singapore Technology Risk Management guidelines for financial institutions.

13 chapters · Cyber, ITSM, DR

Need a custom framework?

Bring your internal control library. Import via CSV or JSON. Map it to any framework in the platform.

Talk to a compliance engineer