One platform. Every framework that matters.
Starting with the world's deepest ISO 27001 implementation, expanding to 50+ frameworks through our Unified Compliance Framework integration.
Framework Coverage
Depth first. Breadth next.
We built ISO 27001 support to a level competitors can't match. We're now expanding that same depth across every framework your organisation needs.
ISO 27001:2022
Global: The gold standard for information security management systems. 93 controls, full PDCA lifecycle, and the most recognized certification globally.
SOC 2 Type II
North America: Trust Services Criteria for service organisations — Security, Availability, Processing Integrity, Confidentiality, and Privacy.
GDPR (EU)
European Union: The European Union General Data Protection Regulation. Data subject rights, DPIAs, breach notification, and lawful processing.
HIPAA (US)
United States: US healthcare data protection — Administrative, Physical, and Technical Safeguards for Protected Health Information.
NIS2 Directive
European Union: EU Network and Information Security Directive. Mandatory cybersecurity requirements for critical and important entities across Europe.
DORA (EU)
European Union: Digital Operational Resilience Act. ICT risk management, incident classification, and third-party oversight for EU financial entities.
NIST CSF 2.0
United States: NIST Cybersecurity Framework — Govern, Identify, Protect, Detect, Respond, Recover. The most widely referenced US cybersecurity guidance.
PCI DSS v4.0
Global: Payment Card Industry Data Security Standard. 12 core requirements protecting cardholder data across any payment processing environment.
ISO 42001 (AI Governance)
Global: The international standard for AI management systems. Responsible AI development, deployment, and governance — especially relevant for AI-native companies.
Unified Compliance Intelligence
Shared controls.
Zero duplication of effort.
Most compliance requirements aren't unique — they're the same controls asked in different ways. ONTRACE.AI maps overlapping requirements automatically, so you satisfy multiple frameworks from a single evidence set.
Risk Assessment
Every major framework requires a documented risk assessment process. Build once in ONTRACE.AI — map to all.
Access Control
User provisioning, least privilege, and MFA requirements span virtually every standard without exception.
Incident Management
Detection, response, and notification timelines differ — but the underlying workflow is shared across frameworks.
Supplier/Third-Party Risk
Third-party risk management is a requirement across every modern framework. One supplier register serves them all.
Powered by the Unified Compliance Framework
ONTRACE.AI's framework expansion is powered by the UCF — the world's largest compliance control mapping database. New frameworks aren't built from scratch; they're mapped through an intelligence layer that understands the relationships between controls across every major standard.