Six frameworks. One tool. Dedicated proof per framework.
Every compliance export generated by Signal Provenance cites the dedicated coverage page for the framework it reports against. Each page below maps regulatory controls to source code and to deliverables your auditor can execute.
EU AI Act
Art. 9, 11, 12, 14, 17(1)(f), Annex IV Sec. 2
Record-keeping, technical documentation, data provenance, human oversight, and risk management. August 2, 2026 deadline.
FDA 21 CFR Part 11
11.10(a), (b), (d), (e), (f), (g), 11.100 / 11.200
System validation, record integrity, access control, audit trails, operational sequencing, device checks, and two-factor electronic signatures.
HIPAA / HITECH
164.312 Technical Safeguards + 164.308(b)(1)
Unique user IDs, MFA, automatic logoff, encryption, audit controls, integrity verification, emergency access, and a Business Associate Agreement template.
CMMC / NIST 800-171
AU-2, AU-3, AU-6, AU-9, AU-12 + AC, IA, SI, SC, CM
Complete Audit and Accountability family plus strong coverage across access control, identification, integrity, communications, and configuration management.
ISO 27001 / SOC 2
A.5.33, A.8.15, A.8.24 + SOC 2 Security / Processing Integrity
Protection of records, logging, cryptography, authentication, information deletion, and the SOC 2 Security and Processing Integrity criteria.
SOX Section 404
ICFR evidence layer: design, operating effectiveness, retention
Hash-chained audit trail for financial records, review-gate evidence for operating effectiveness, and segregation-of-duties checks.
Run the export against your data.
We deploy Signal Provenance on your hardware, point it at your folders, and generate your first compliance export together. You hand the export and the hash chain to your auditor. They verify it independently.