Built for the frameworks that actually regulate you.
Starting with India and Europe — DPDP Act, GDPR and ISO 27001 — and spanning the global compliance landscape with pre-built control sets, evidence templates and crosswalks.
The three we lead with.
Customers usually start with one of these — and then crosswalk into the rest.
DPDP Act 2023
India's Digital Personal Data Protection Act. Consent management, data fiduciary obligations, breach notification, cross-border transfer.
GDPR
EU General Data Protection Regulation. RoPA, DPIAs, DSAR workflows, 72-hour breach timer, Schrems II transfer impact.
ISO/IEC 27001:2022
Information security management system. Annex A, Statement of Applicability, internal audit, recertification.
50+ frameworks shipped. New ones added every quarter.
Privacy
- DPDP Act 2023 (India)
- GDPR (EU)
- ISO/IEC 27701 (Privacy)
- CCPA / CPRA (California)
- LGPD (Brazil)
- PIPEDA (Canada)
- PDPA (Singapore)
- POPIA (South Africa)
- UK GDPR + DPA 2018
Security
- ISO/IEC 27001:2022
- SOC 2 Type I / II
- NIST CSF 2.0
- NIST 800-53 Rev. 5
- CIS Controls v8
- PCI DSS 4.0
- HITRUST CSF
- CMMC 2.0
- FedRAMP
Sectoral & regional
- HIPAA (Healthcare US)
- RBI Cybersecurity (India BFSI)
- SEBI CSCRF (India capital markets)
- NIS2 (EU)
- DORA (EU financial)
- PSD2 (EU payments)
- IEC 62443 (OT/ICS)
- NERC CIP (Energy)
AI governance
- ISO/IEC 42001:2023
- NIST AI RMF 1.0
- EU AI Act
- OECD AI Principles
- Singapore AI Verify
- ISO/IEC 23894 (AI risk)
Don't see the framework you need?
Custom frameworks ship in two weeks. Internal standards, sector-specific obligations, and contractual customer requirements all welcome.
Pick a framework. Get started.
30-minute walkthrough on your real stack. No slideware. Bring your AWS account or GitHub org if you want to see live findings.