Adhere to 15 out-of-the-box standards and unlimited custom frameworks

TrustCloud helps you achieve compliance with confidence. Auto-generated controls and policies help you easily adopt frameworks like SOC 2, ISO 27001, GDPR, HIPAA, PCI-DSS, and more. With our common control framework and complimentary gap analysis, you can track progress toward the certifications you want now and as you grow.

All Compliance Frameworks

InfoSec Compliance

SOC 2

SOC 2 is the most widely adopted framework for SaaS businesses in the United States. This auditing procedure assesses the controls an organization has in place to ensure the security, availability, processing integrity, confidentiality, and privacy of the data it processes for its clients.

HIPAA Security

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that established national standards to protect sensitive patient health information (PHI) from being disclosed without the patient’s consent or knowledge.

ISO 27001

ISO 27001 is a globally recognized framework for governing an organization’s information security program by providing a clear set of requirements for an Information Security Management System (ISMS).

CMMC Level 1

Introduced in 2020, the Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the U.S. Department of Defense to protect the defense industrial base from cybersecurity threats.

CMMC Level 2

Updated in 2021, the Cybersecurity Maturity Model Certification (CMMC) is a framework developed by the U.S. Department of Defense to protect the defense industrial base from cybersecurity threats.

SOX ITGC

SOX ITGC refers to the Information Technology General Controls that publicly traded companies need to implement to ensure the accuracy of their financial statements used for financial reporting.

FedRAMP

FedRAMP, the Federal Risk and Authorization Management Program, is a government-wide initiative that provides a standardized approach to security assessment, authorization, and continuous monitoring of cloud products and services.

NIST CSF

The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) is a voluntary framework that provides organizations with a set of guidelines and best practices to manage and reduce cybersecurity risk.

NIST SP 800-171

NIST SP 800-171 is a set of guidelines developed by the National Institute of Standards and Technology (NIST) that provides a framework to protect the confidentiality of controlled unclassified information in nonfederal systems and organizations.

HITRUST

HITRUST is a premier security framework designed to help organizations effectively manage data, information risk, and compliance. Tailored for the healthcare industry, the framework offers definitive standards to protect sensitive health data, ensuring patient information integrity and confidentiality.

Privacy

CCPA

The California Consumer Privacy Act (CCPA) is a state law that gives California residents the right to know what personal information businesses collect about them, the right to request that their information be deleted, and the right to opt out of the sale of their personal information.

GDPR


ISO 27701


SOC 2 Privacy


Other Frameworks

ISO 9001

ISO 9001 is a quality management standard that provides guidelines for organizations to implement a quality management system (QMS) that focuses on consistently meeting customer and regulatory requirements while continuously improving the effectiveness of the system.

Custom Frameworks

Easily create and implement custom frameworks to support your unique business needs and standards such as HITRUST, SOC 1, SOC 3, NIST 800-73, GLBA, and PCI.


Got Trust?™

TrustCloud makes it effortless for companies to share their data security, privacy, and governance posture with auditors, customers, and boards of directors.