Compliance & GRC Hub

Audit-ready compliance resources for real IT teams

Practical guidance for SOC 2, ISO 27001, CIS Controls, PCI DSS, HIPAA, NIST CSF, and GDPR — evidence examples, control learning, templates, interactive tools, labs, and career paths.

  • Evidence guides
  • Control mapping
  • Benchmarks
  • GRC tools
  • Career paths

Built for IT administrators, GRC analysts, MSPs, and security leaders who need practical evidence — not theory-only compliance slides.

Compliance workspace

7 framework hubs · evidence · tools

Audit-ready

What you'll get

  • Dedicated hub per framework with evidence examples
  • Interactive checklists, mappers, and risk registers
  • Templates, tutorials, labs, and GRC career paths

Framework hubs

Pick your compliance framework

Each hub has control focus areas, audit evidence examples, quick wins, and direct links to tools, templates, labs, and guides.

Trust Service Criteria

SOC 2

Learn how to implement, document, and present controls for access, change management, monitoring, backups, incident response, and endpoint protection — with evidence auditors expect.

5

Trust criteria areas

12+

Evidence types

Type I/II

Audit paths

  • Run an access review with screenshots and sign-off
  • Document backup jobs plus a restore test
Explore SOC 2 hub
ISMS & Annex A

ISO 27001

Build ISMS literacy: risk treatment, Annex A controls, policies, asset management, supplier security, and certification readiness for security and operations teams.

93

Annex A controls

ISMS

Core system

3yr

Cert cycle

  • Draft a Statement of Applicability with owners
  • Stand up a risk register with treatment status
Explore ISO 27001 hub
Cardholder data

PCI DSS

Protect cardholder data environments with network segmentation, secure configurations, vulnerability management, logging, and QSA-style evidence practices.

12

Core requirements

CDE

Scope focus

QSA

Audit style

  • Draw a network diagram with CDE boundaries
  • Schedule quarterly ASV scans with remediation
Explore PCI DSS hub
Healthcare privacy & security

HIPAA

Security Rule safeguards, privacy workflows, risk analysis, access controls, audit logging, and breach readiness for healthcare IT and compliance teams.

3

Safeguard types

PHI

Data scope

60d

Breach notice

  • Complete an annual security risk analysis
  • Document workforce access provisioning
Explore HIPAA hub
Benchmarks & IG

CIS Controls

Turn CIS Controls and benchmarks into actionable hardening for Linux, cloud, and enterprise infrastructure — prioritized safeguards and implementation groups.

18

CIS Controls

IG1–3

Priority tiers

Linux

Benchmark focus

  • Run the CIS Linux benchmark checklist on a server
  • Harden SSH and sudo configurations
Explore CIS Controls hub
Identify · Protect · Detect · Respond · Recover

NIST CSF

Align security programs to NIST Cybersecurity Framework functions — policies, controls, metrics, and measurable outcomes across the enterprise.

5

Core functions

CSF

2.0 aligned

Tier

Maturity model

  • Map current vs target profile by function
  • Assign control owners with test frequency
Explore NIST CSF hub
Privacy & data protection

GDPR

Understand data protection principles, lawful processing, subject rights, DPIAs, breach notification timelines, and technical measures that support privacy programs.

72h

Breach notice

RoPA

Core artifact

DPIA

High-risk tool

  • Maintain a Records of Processing Activities
  • Document lawful basis for each processing activity
Explore GDPR hub

Library

All compliance resource types

Templates, tools, articles, labs, e-books, and structured roadmaps — organized so you can go from framework requirement to working proof.

Audit & compliance templates

SOC 2, ISO 27001, CIS Controls, access reviews, backup evidence, and audit-ready documentation.

  • SOC 2 evidence checklist
  • Control mapping sheet
  • Audit readiness tracker
Browse all templates

Interactive compliance tools

Checklists, control mappers, and risk registers you can use during audits and internal reviews.

  • SOC 2 evidence checklist
  • ISO 27001 control mapper
  • CIS Linux benchmark
  • Risk register builder
Open compliance tools

Compliance tutorials & evidence guides

Step-by-step articles on controls, evidence collection, Linux hardening, and operational proof.

  • SOC 2 backup evidence
  • Control implementation
  • Access review workflows
Read compliance articles

Hands-on compliance labs

Practice collecting evidence, hardening systems, and documenting controls in realistic scenarios.

  • SOC 2 backup evidence lab
  • Linux SSH hardening
  • Monitoring proof exercises
Explore labs

E-books & field guides

Downloadable guides for evidence programs, frameworks, and security operations documentation.

  • SOC 2 evidence collection guide
  • GRC starter kits
  • Audit readiness playbooks
Browse e-books

Compliance & GRC career roadmap

Structured learning from frameworks and risk through evidence, policies, and audit readiness.

  • Framework fundamentals
  • Control mapping
  • Risk registers
  • Audit evidence projects
Start GRC roadmap

Workflow

From framework to audit-ready evidence

A practical sequence used by IT and GRC teams when preparing for SOC 2, ISO 27001, PCI, or internal assessments.

01

Scope & framework

Choose SOC 2, ISO 27001, CIS, PCI, HIPAA, NIST, or GDPR scope. Define systems, owners, and audit timeline.

02

Map controls

Align organizational controls to framework requirements. Document owners, frequency, and evidence types.

03

Collect proof

Gather screenshots, logs, tickets, policies, and test results using templates and interactive checklists.

04

Present & improve

Package evidence for auditors, close gaps, and feed findings back into monitoring and hardening.