AuditProven Shield provides full requirement coverage across six major regulatory and industry frameworks. Each framework is modeled as a typed directed acyclic graph with specific requirement nodes, relationship edges, and implementation guidance derived from official framework documentation.
Choose a framework below to see its full requirement structure, how Shield maps your policies to it, and what a typical gap analysis looks like.
Framework
SOC 2 Type II
SOC 2 is the dominant compliance framework for technology service organizations. Developed by the AICPA, it evaluates controls relevant to security, availability, processing integrity, confidentiality, and privacy across five Trust Service Criteria.
ISO/IEC 27001:2022
ISO 27001 is the international standard for information security management systems. The 2022 revision reorganized Annex A into four themes: organizational, people, physical, and technological controls, reducing the total from 114 to 93 controls.
EU General Data Protection Regulation (GDPR)
The GDPR is the EU's comprehensive data protection regulation, effective since May 2018. It applies to any organization processing personal data of EU residents, regardless of where the organization is based.
HIPAA Security Rule
The HIPAA Security Rule establishes standards for protecting electronic protected health information (ePHI). It applies to covered entities (healthcare providers, health plans, clearinghouses) and their business associates.
PCI DSS v4.0
PCI DSS v4.0 is the payment card industry's data security standard, applicable to any organization that stores, processes, or transmits cardholder data. Version 4.0 introduces a customized approach alongside the traditional defined approach.
NIST Cybersecurity Framework 2.0
The NIST CSF provides a voluntary framework for managing cybersecurity risk. Version 2.0, released in 2024, added the Govern function and expanded applicability beyond critical infrastructure to all organizations.