Adhere to 18+ out-of-the-box standards and unlimited custom frameworks

TrustCloud helps you achieve compliance with confidence. Auto-generated controls and policies help you easily adopt frameworks like SOC 2, ISO 27001, GDPR, HIPAA, PCI-DSS, and more. With our common control framework and complimentary gap analysis, you can track progress toward the certifications you want now and as you grow.

All Compliance Frameworks

InfoSec Compliance

SOC 2

SOC 2 is the most widely adopted framework for SaaS businesses in the United States. This auditing procedure assesses the controls an organization has in place to ensure the security, availability, processing integrity, confidentiality, and privacy of the data it processes for its clients.

HIPAA Security

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that established national standards to protect sensitive patient health information (PHI) from being disclosed without the patient’s consent or knowledge.

ISO 27001

ISO 27001 is a globally recognized framework for governing an organization’s information security program by providing a clear set of requirements for an Information Security Management System (ISMS).

CMMC Level 1

Introduced in 2020, the Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the U.S. Department of Defense to protect the defense industrial base from cybersecurity threats.

CMMC Level 2

Updated in 2021, the Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the U.S. Department of Defense to protect the defense industrial base from cybersecurity threats.

SOX ITGC

SOX ITGC refers to the Information Technology General Controls that publicly traded companies need to implement to ensure the accuracy of the financial statements used for financial reporting.

FedRAMP

FedRAMP, the Federal Risk and Authorization Management Program, is a government-wide initiative that provides a standardized approach to security assessment, authorization, and continuous monitoring of cloud products and services.

NIST CSF

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a voluntary framework that provides organizations with a set of guidelines and best practices to manage and reduce cybersecurity risk.

NIST SP 800-171

NIST SP 800-171 is a set of guidelines developed by the National Institute of Standards and Technology (NIST) that provides a framework to protect the confidentiality of controlled unclassified information in nonfederal systems and organizations.

HITRUST

HITRUST is a premier security framework designed to help organizations effectively manage data, information risk, and compliance. Tailored for the healthcare industry, the framework offers definitive standards to protect sensitive health data, ensuring patient information integrity and confidentiality.

ISO 42001

ISO 42001 is an international standard that provides guidance for the development, deployment, governance, and management of AI technologies.

NIST AI RMF

NIST AI Risk Management Framework (RMF) provides a voluntary framework for organizations to build trust around the design, development, use, and evaluation of AI systems and services.

CIS 18

The Center for Internet Security (CIS) provides a list of security actions to help organizations reduce risk, standardize security practices, and measure their progress.

Privacy

CCPA

The California Consumer Privacy Act (CCPA) is a state law that gives California residents the right to know what personal information businesses collect about them, the right to request that their information be deleted, and the right to opt-out of the sale of their personal information.

GDPR

The General Data Protection Regulation (GDPR) is a European Union regulation that governs how organizations collect, process, and protect the personal data of individuals in the EU.

ISO 27701

ISO 27701 is an extension to ISO 27001 that specifies requirements for a Privacy Information Management System (PIMS) covering the processing of personal data.

SOC 2 Privacy

A SOC 2 Privacy report evaluates an organization's controls against the Privacy Trust Services Criteria, covering how personal information is collected, used, retained, disclosed, and disposed of.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of security standards that Visa, Mastercard, Discover Financial Services, JCB International, and American Express established in 2004. These standards secure credit and debit card transactions and help protect against identity theft.

Other Frameworks

ISO 9001

ISO 9001 is a quality management standard that provides guidelines for organizations to implement a quality management system (QMS) that focuses on consistently meeting customer and regulatory requirements while continuously improving the effectiveness of the system.

Custom Frameworks

Easily create and implement custom frameworks to support your unique business needs and standards such as HITRUST, SOC 1, SOC 3, NIST 800-73, GLBA, and PCI.


Got Trust?®

TrustCloud makes it effortless for companies to share their data security, privacy, and governance posture with auditors, customers, and boards of directors.