SOC 2 Type II Readiness, the 36-control Internal Controls Assessment, versioned Policy Management, 400 minutes of Workforce Training, and auto-issued Diligence Certificates — all sharing one data model so cross-program work compounds instead of duplicates.
Six-pillar readiness engagement, three-tier ownership, auditor read-only access, sample testing, bridge document PDF.
SOX-style quarterly attestation, 36-control seeded template, deficiency register, audit-ready quarterly report.
Upload a SOC 2 report; CUECs extracted and gap-analyzed against your own controls automatically.
Cross-framework mapping, evidence reuse, coverage matrix, gap analysis across SOC 2, ISO 27001, NIST CSF, HITRUST, GDPR, HIPAA, PCI DSS, CMMC.
On-demand PDF with program certificates, framework coverage, vendor portfolio, risk register, training coverage, evidence index — what auditors request first.
Outbound list scrubbed against DSAR opt-outs, CCPA Do Not Sell, consent expiry, jurisdictional defaults — with hashed audit trail.
The Compliance Hub auto-issues program-level certificates daily. Embedded framework mappings. Always current.
Issued when training-track completion crosses 80% of required workforce.
Issued at 95% completion of the HIPAA track. §164.530(b) and §164.308(a)(5) coverage.
Issued when ≥1 policy is published and ≥1 acknowledgement has been collected in the last 12 months.
Issued per-decision with SOX-grade signoffs. Embeds COSO and NIST CSF GV.RM-2 mappings.
Issued when all TSC controls reach Operating Effectively. Becomes the bridge document for Type II audit.
Issued when the RoPA is published, DSAR cadence meets SLA, and DPA coverage crosses threshold.
SOC 2, SOX, ISO, HIPAA, GDPR — same evidence, same controls, same training, one Hub.