Frameworks

Map once. Comply everywhere.

Veritra maintains unified control mappings across the frameworks your customers, regulators, and board care about — so a single piece of evidence satisfies many tests at once.

US / Global · 174 controls

SOC 2

SOC 2 Type II

Trust Services Criteria covering security, availability, processing integrity, confidentiality, and privacy.

Global · 114 controls

ISO 27001

ISO/IEC 27001:2022

International standard for information security management systems with Annex A controls.

US Healthcare · 78 controls

HIPAA

HIPAA Security Rule

Administrative, physical, and technical safeguards for protected health information.

EU / EEA · 99 controls

GDPR

GDPR Readiness

European data protection regulation — lawful basis, DSARs, processor agreements, and breach notification.

Payments · 251 controls

PCI DSS

PCI DSS v4.0

Payment Card Industry Data Security Standard for organizations handling cardholder data.

Global · 38 controls

ISO 42001

ISO/IEC 42001 (AI)

Management system for the responsible development and use of AI systems.

US Federal · 108 controls

NIST CSF

NIST Cybersecurity Framework 2.0

Identify, Protect, Detect, Respond, Recover, Govern — the new function-based model.

California · 42 controls

CCPA

CCPA / CPRA

Consumer rights, opt-outs, and data minimization for California residents.

Unified Mapping

One control. Many frameworks.

Implementing access revocation once gives you credit against SOC 2 CC6.1, ISO 27001 A.9.2.6, HIPAA §164.308(a)(3), and GDPR Art. 32 — simultaneously.

▸ Control: Timely Access Revocation
↳ SOC 2 — CC6.1, CC6.2
↳ ISO 27001 — A.9.2.6, A.9.4.1
↳ HIPAA — §164.308(a)(3)(ii)(C)
↳ GDPR — Art. 32(1)(b)
↳ NIST CSF — PR.AC-1, PR.AC-4

Need a framework we haven't listed?

Talk to Compliance