GDPR Requirements
- Records of processing activities documented (Article 30)
- Lawful basis identified for each processing activity (Article 6)
- Privacy notices updated and accessible
- Data subject rights procedures in place (access, rectification, erasure, portability, objection)
- Data protection impact assessments conducted for high-risk processing (Article 35)
HIPAA Controls
- PHI inventory and data flow mapped
- Access controls and audit logging enabled on all systems that store or process PHI
- Encryption at rest and in transit (an addressable specification under the Security Rule; if not implemented, the risk analysis and compensating controls must be documented)
- Business associate agreements executed with every vendor that handles PHI
- Breach notification procedures documented
SOC 2 Evidence
- Security policies and procedures documented
- Continuous control monitoring in place
- Evidence collection automated
- Exception management process defined
- Annual risk assessments conducted
ISO 27001 Mapping
- Information security policy established
- Asset inventory and classification complete
- Risk treatment plan documented
- Internal audit schedule defined
- Management review procedures in place