Compliance Framework
PolicyCortex provides comprehensive support for major compliance frameworks, enabling organizations to achieve and maintain compliance across multiple standards simultaneously with automated controls and continuous monitoring.
Supported Compliance Frameworks
SOC 2
Service Organization Control 2 - Trust Services Criteria
HIPAA
Health Insurance Portability and Accountability Act
ISO 27001
Information Security Management Systems
PCI DSS
Payment Card Industry Data Security Standard
GDPR
General Data Protection Regulation
Custom Frameworks
Industry-specific and organizational frameworks
Framework Integration
Automatic Control Mapping
PolicyCortex automatically maps your cloud infrastructure and policies to compliance controls across multiple frameworks, providing unified governance and reducing implementation overhead.
policy:
  name: "s3-encryption-required"
  resource: "AWS::S3::Bucket"
  compliance_mapping:
    soc2:
      - CC6.1
      - CC6.7
    hipaa:
      - 164.312_a_2_iv
      - 164.312_e_2_ii
    iso27001:
      - A.10.1.1
      - A.13.2.3
    pci_dss:
      - 3.4
      - 4.1
  rules:
    - effect: DENY
      condition: bucket.encryption.enabled != true
      message: "S3 bucket must have encryption enabled"
  remediation:
    auto_fix: true
    actions:
      - enable_default_encryption
      - apply_kms_key
Coverage Analysis
- Real-time compliance score calculation
- Gap analysis and recommendations
- Control effectiveness measurement
- Trend analysis and reporting
- Multi-framework dashboard views
Evidence Management
- Automated evidence collection
- Audit trail generation
- Evidence archival and retention
- Auditor-friendly reporting
- Chain of custody tracking
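The following is an added example, not PolicyCortex code, showing how a policy that carries a compliance_mapping like the one above can be evaluated against an inventory and rolled up into per-control and per-framework status of the kind the coverage analysis reports. The resource and policy shapes, and the predicate form of the DENY condition, are assumptions; the sample inventory is constructed.

```typescript
// Added example, not PolicyCortex code (resource/policy shapes and the predicate form of the
// condition are assumptions): evaluate a policy carrying a compliance_mapping like the one above.
type ControlStatus = "COMPLIANT" | "NON_COMPLIANT";
interface BucketResource { id: string; type: string; encryption: { enabled: boolean } }
interface CompliancePolicy {
  name: string; message: string;                 // as in the YAML policy above
  resource: string;                              // resource type the policy applies to
  compliance_mapping: Record<string, string[]>;  // framework id -> control ids
  violates: (r: BucketResource) => boolean;      // the DENY condition as a predicate
}
interface ControlResult { status: ControlStatus; violating: string[] }
type FrameworkResults = Record<string, Record<string, ControlResult>>;
const sampleResources: BucketResource[] = [   // constructed sample inventory
  { id: "logs-bucket", type: "AWS::S3::Bucket", encryption: { enabled: true } },
  { id: "backup-bucket", type: "AWS::S3::Bucket", encryption: { enabled: false } },
];
const s3EncryptionPolicy: CompliancePolicy = {   // the YAML policy above, transcribed
  name: "s3-encryption-required",
  resource: "AWS::S3::Bucket",
  compliance_mapping: {
    soc2: ["CC6.1", "CC6.7"],
    hipaa: ["164.312_a_2_iv", "164.312_e_2_ii"],
    iso27001: ["A.10.1.1", "A.13.2.3"],
    pci_dss: ["3.4", "4.1"],
  },
  violates: (r) => r.encryption.enabled !== true,   // bucket.encryption.enabled != true
  message: "S3 bucket must have encryption enabled",
};
// A control is NON_COMPLIANT when any policy mapped to it has a violating resource.
function evaluate(policies: CompliancePolicy[], resources: BucketResource[]): FrameworkResults {
  const out: FrameworkResults = {};
  for (const p of policies) {
    const bad = resources.filter((r) => r.type === p.resource && p.violates(r)).map((r) => r.id);
    for (const fw of Object.keys(p.compliance_mapping)) {
      const perControl = (out[fw] = out[fw] || {});
      for (const c of p.compliance_mapping[fw]) {
        const seen: string[] = perControl[c] ? perControl[c].violating : [];
        const violating = seen.concat(bad.filter((id) => seen.indexOf(id) < 0));   // de-duplicate ids
        perControl[c] = { status: violating.length ? "NON_COMPLIANT" : "COMPLIANT", violating };
      }
    }
  }
  return out;
}
// Framework roll-up in the dashboard's shape: COMPLIANT only if every mapped control is.
function frameworkSummary(results: Record<string, ControlResult>) {
  const total = Object.keys(results).length;
  const compliant = Object.keys(results).filter((k) => results[k].status === "COMPLIANT").length;
  return { total, compliant, status: compliant === total ? "COMPLIANT" : "NON_COMPLIANT" };
}
```

One unencrypted bucket surfaces under all four frameworks the policy maps to, which is the policy-reuse effect the multi-framework mapping is meant to deliver.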
SOC 2 Implementation
Trust Services Criteria Coverage
PolicyCortex provides comprehensive coverage of SOC 2 Trust Services Criteria with automated controls and continuous monitoring across all five trust service categories.
Security (CC6)
94% coverage. Protection against unauthorized access, use, or modification of information.
Availability (CC7)
91% coverage. System operation and performance monitoring for availability commitments.
{
  "soc2_controls": {
    "CC6.1": {
      "description": "Logical access security measures",
      "automated_controls": [
        "iam-password-policy",
        "mfa-enforcement",
        "privileged-access-review"
      ],
      "evidence_collection": "automated",
      "monitoring": "continuous",
      "last_assessment": "2024-01-15T09:30:00Z",
      "compliance_status": "COMPLIANT"
    },
    "CC6.7": {
      "description": "Data transmission and disposal",
      "automated_controls": [
        "encryption-in-transit",
        "encryption-at-rest",
        "secure-data-disposal"
      ],
      "evidence_collection": "automated",
      "monitoring": "continuous",
      "last_assessment": "2024-01-15T09:30:00Z",
      "compliance_status": "COMPLIANT"
    },
    "CC7.1": {
      "description": "System availability monitoring",
      "automated_controls": [
        "uptime-monitoring",
        "performance-alerts",
        "capacity-planning"
      ],
      "evidence_collection": "automated",
      "monitoring": "continuous",
      "last_assessment": "2024-01-15T09:30:00Z",
      "compliance_status": "COMPLIANT"
    }
  }
}
Multi-Framework Management
Unified Compliance Dashboard
Manage multiple compliance frameworks from a single dashboard with intelligent control mapping and automated evidence collection across all standards.
Efficiency Gains
Reduction in compliance effort through policy reuse
Control Coverage
Average control coverage across all frameworks
Audit Readiness
Continuous audit readiness and evidence collection
interface ComplianceFramework {
  id: string;
  name: string;
  version: string;
  coverage_percentage: number;
  last_assessment: string;
  status: 'COMPLIANT' | 'NON_COMPLIANT' | 'IN_PROGRESS';
  controls: {
    total: number;
    implemented: number;
    automated: number;
    manual: number;
  };
}

const frameworks: ComplianceFramework[] = [
  {
    id: "soc2",
    name: "SOC 2 Type II",
    version: "2017",
    coverage_percentage: 94,
    last_assessment: "2024-01-15",
    status: "COMPLIANT",
    controls: { total: 64, implemented: 60, automated: 55, manual: 5 }
  },
  {
    id: "iso27001",
    name: "ISO 27001:2022",
    version: "2022",
    coverage_percentage: 89,
    last_assessment: "2024-01-10",
    status: "COMPLIANT",
    controls: { total: 114, implemented: 102, automated: 95, manual: 7 }
  }
];
Implementation Best Practices
Framework Selection
- Start with your industry's primary requirements
- Consider customer and vendor requirements
- Evaluate business objectives and risk tolerance
- Plan for framework evolution and updates
- Assess overlap opportunities for efficiency
Implementation Strategy
- Begin with high-impact, low-effort controls
- Establish continuous monitoring early
- Automate evidence collection from day one
- Create clear ownership and accountability
- Plan for regular audits and assessments