Compliance Control Library

Compliance Hub

Prebuilt control sets for SOC 2, SOX, ISO 27001, and HIPAA — with cross-framework crosswalks so you satisfy a control once and cover the equivalents. 51 mappings connect them.

Auditor-ready control sets · Cross-framework crosswalks · Import into Compliance Hub in minutes

SOC 2 (Trust Services Criteria)

AICPA

Curated subset of the SOC 2 Common Criteria (CC) used for service-organization trust reporting.

View 20 controls

SOX IT General Controls

PCAOB/SEC

Curated subset of IT general controls (ITGC) supporting Sarbanes-Oxley financial-reporting assurance.

View 15 controls

ISO/IEC 27001 (Annex A)

ISO/IEC · 2022

Curated subset of ISO/IEC 27001:2022 Annex A controls across organizational, people, physical, and technological themes.

View 20 controls

HIPAA Security Rule

HHS

Curated subset of the HIPAA Security Rule administrative, physical, and technical safeguards for ePHI.

View 14 controls

Satisfy once, cover many

The same control often appears across frameworks — SOC 2 logical access (CC6.1) maps to ISO 27001 A.5.15, the SOX access ITGC, and HIPAA §164.312(a). The library's crosswalks make that explicit, so when you import one framework and satisfy a control, Compliance Hub shows which other frameworks' requirements you've already covered — and which gaps remain.