# Security frameworks
Map your controls to industry frameworks using this template.
## Framework overview
### SOC 2
- Coverage: Security, Availability, Confidentiality.
- Status: Certified
- Notes: Bridge letter available for periods between audits.
### ISO 27001
- Coverage: Annex A controls mapped to internal policies.
- Status: In progress
- Notes: Certification target: Q1 2026 with quarterly readiness checkpoints.
### GDPR
- Coverage: Lawful bases documented per processing activity.
- Status: Certified
- Notes: Data Protection Impact Assessments (DPIAs) required for new high-risk features.
### NIST CSF
- Coverage: Identify, Protect, Detect, Respond, Recover functions.
- Status: Certified
- Notes: Regular updates and reviews.
## Mapping table (optional)
| Function / control family | Key activities | Source doc |
|---|---|---|
| Identify | Asset inventory, risk assessments | Security governance |
| Protect | Access controls, encryption, secure SDLC | Security policies |
| Detect | Logging, anomaly detection, alerting | Monitoring plan |
| Respond | Incident response playbooks, communication | IR plan |
| Recover | Backup testing, post-incident reviews | Business continuity plan |
Last reviewed: Security governance · 2025-09-10