Compliance Framework Support
CaseBender includes native support for major compliance frameworks. Each framework implementation includes control mapping, automated evidence collection, gap analysis, and reporting, built directly into the platform rather than bolted on.
Framework Matrix
| Framework | Standard | Implementation | Evidence Collection | Reporting |
|---|---|---|---|---|
| SOC2 Type II | AICPA TSC 2017 | Trust Service Criteria mapping, control testing, attestation management | Automated collectors, 3-year retention | Audit period reports, gap analysis |
| ISO 27001:2022 | ISO/IEC 27001:2022 | Full Annex A controls, Statement of Applicability, risk register | Automated collectors, evidence review | Internal audit reports, management review |
| GDPR | EU 2016/679 | Articles 5-88 coverage, DSAR management, consent lifecycle | PII registry, processing activity records | Breach notification, DPIA reports |
| CMMC Level 2 | NIST SP 800-171 | 110 practices across 14 domains, SPRS scoring | Automated collectors, POA&M tracking | Assessment reports, SPRS score history |
| FedRAMP Moderate | NIST SP 800-53 | 325 controls, continuous monitoring, SSP management | Automated collectors, ConMon reports | Authorization packages, SAR reports |
| HIPAA | 45 CFR 160-164 | Security Rule safeguards, breach notification, BAA management | PHI access logging, training records | Disclosure reports, risk assessments |
| PCI DSS v4.0 | PCI SSC | 12 requirements, 78 sub-requirements | Automated collectors, control testing | Assessment reports, gap analysis |
| Export Control | EAR / ITAR | ECCN classification, denied party screening, country controls | Screening logs, license tracking | Transfer reports, compliance dashboards |
| EU AI Act | EU 2024/1689 | AI system registration, risk assessment, conformity | Incident reports, oversight records | Risk assessments, transparency reports |
| Legal Hold | FRCP / eDiscovery | Litigation preservation, custodian management | Evidence chain of custody | Hold status reports, compliance verification |
How Compliance Works in CaseBender
Control Mapping
Each framework’s controls are mapped to CaseBender features and configurations. You can see exactly which platform capabilities satisfy which compliance requirements.
Evidence Collection
Automated collectors gather evidence from the running platform — audit logs, configuration snapshots, access records — without manual effort.
Gap Analysis
Identify which controls are fully implemented, partially implemented, or not yet addressed. Prioritize remediation based on risk.
Audit Management
Track audit periods, schedule evidence collection, manage findings, and generate reports for auditors.
Unified Compliance Dashboard
CaseBender provides a unified view across all enabled compliance frameworks:
Cross-Framework Visibility
- Compliance Score: Aggregate compliance percentage across all frameworks
- Control Overlap: Many controls satisfy multiple frameworks simultaneously (e.g., audit logging satisfies SOC2 CC7.2, ISO 27001 A.8.15, CMMC AU.L2-3.3.1, and HIPAA 164.312(b))
- Gap Prioritization: Gaps are ranked by how many frameworks they affect
- Deadline Tracking: Upcoming audit deadlines, evidence collection schedules, and remediation due dates
- Activity Feed: Recent compliance activities across all frameworks
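The overlap and ranking logic described above, as an added example rather than CaseBender's own code: a small Python model in which each platform capability is mapped to the framework controls it satisfies, per-framework and aggregate percentages are computed, and gaps are ranked by how many frameworks they affect. The four audit-logging control IDs are the ones cited in the list above; the remaining IDs (SOC2 CC6.1 and CC9.2, ISO 27001 A.8.5 and A.8.24, CMMC IA.L2-3.5.3, HIPAA 164.312(a)(2)(iv)) are taken from the published frameworks by the editor, and the capability names and statuses are constructed sample data. The status weighting (partial = 0.5) and the rule that a control is only as satisfied as its weakest supporting capability are assumptions, not documented CaseBender behaviour.

```python
"""Cross-framework control mapping with gap prioritization.

Editor's illustration, not CaseBender code. Weights and the
weakest-capability rule are assumptions; sample data is constructed.
"""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field
from enum import Enum


class Status(Enum):
    """Implementation state of a capability, with its scoring weight (assumed)."""
    IMPLEMENTED = 1.0
    PARTIAL = 0.5
    NOT_ADDRESSED = 0.0


@dataclass
class Capability:
    name: str
    status: Status
    # framework -> set of control IDs this single capability satisfies
    controls: dict[str, set[str]] = field(default_factory=dict)


# Constructed sample data. Audit logging carries the four IDs cited on the page;
# the other IDs are editor-chosen from the published frameworks.
CAPABILITIES = [
    Capability("audit_logging", Status.IMPLEMENTED, {
        "SOC2": {"CC7.2"}, "ISO27001": {"A.8.15"},
        "CMMC": {"AU.L2-3.3.1"}, "HIPAA": {"164.312(b)"}}),
    Capability("mfa", Status.PARTIAL, {
        "SOC2": {"CC6.1"}, "ISO27001": {"A.8.5"}, "CMMC": {"IA.L2-3.5.3"}}),
    Capability("encryption_at_rest", Status.NOT_ADDRESSED, {
        "ISO27001": {"A.8.24"}, "HIPAA": {"164.312(a)(2)(iv)"}}),
    Capability("vendor_review", Status.NOT_ADDRESSED, {"SOC2": {"CC9.2"}}),
]


def control_status(caps: list[Capability]) -> dict[tuple[str, str], Status]:
    """Resolve each (framework, control) to a Status.

    A control backed by several capabilities is only as satisfied as the
    weakest of them (conservative choice; an assumption of this example).
    """
    resolved: dict[tuple[str, str], Status] = {}
    for cap in caps:
        for fw, ids in cap.controls.items():
            for cid in ids:
                key = (fw, cid)
                if key not in resolved or cap.status.value < resolved[key].value:
                    resolved[key] = cap.status
    return resolved


def framework_scores(caps: list[Capability]) -> dict[str, float]:
    """Per-framework compliance percentage: mean weight over that framework's controls."""
    weights: dict[str, list[float]] = defaultdict(list)
    for (fw, _cid), st in control_status(caps).items():
        weights[fw].append(st.value)
    return {fw: round(100 * sum(w) / len(w), 1) for fw, w in weights.items()}


def aggregate_score(caps: list[Capability]) -> float:
    """Aggregate percentage across all frameworks, weighted per control.

    Averaging the per-framework percentages instead would be the other
    reasonable definition; the page does not say which one CaseBender uses.
    """
    statuses = control_status(caps)
    return round(100 * sum(s.value for s in statuses.values()) / len(statuses), 1)


def prioritized_gaps(caps: list[Capability]) -> list[Capability]:
    """Capabilities that are not fully implemented, most frameworks affected first.

    Ties go to the worse status, then to the name, so the order is stable.
    """
    gaps = [c for c in caps if c.status is not Status.IMPLEMENTED]
    return sorted(gaps, key=lambda c: (-len(c.controls), c.status.value, c.name))


if __name__ == "__main__":
    for fw, pct in sorted(framework_scores(CAPABILITIES).items()):
        print(f"{fw:<9} {pct:5.1f}%")
    print(f"aggregate {aggregate_score(CAPABILITIES):5.1f}%")
    for rank, gap in enumerate(prioritized_gaps(CAPABILITIES), 1):
        print(f"gap #{rank}: {gap.name} ({gap.status.name.lower()}, "
              f"affects {len(gap.controls)} frameworks)")
```

Note how the ranking behaves: a partially implemented MFA capability outranks a wholly missing vendor-review control because it touches three frameworks rather than one, which is exactly the cross-framework prioritization the dashboard description above calls for.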
Regulatory Reporting
- Automated Report Generation: Generate framework-specific reports with collected evidence
- Scheduled Reports: Configure recurring report generation for continuous compliance
- Export Formats: PDF, CSV, and structured data exports for auditor consumption
- Evidence Packages: Bundle evidence artifacts with control mappings for audit submissions
Control Testing
CaseBender includes a unified control testing module that works across all frameworks:
Testing Capabilities
- Automated Tests: Configurable test procedures that run on schedule
- Manual Tests: Guided test procedures with evidence capture
- Cross-Framework Mapping: A single test can satisfy controls across multiple frameworks
- Test Scheduling: Calendar-based scheduling with reminders and escalation
- Result Tracking: Pass/fail/partial results with evidence attachment
Testing Workflow
- Schedule: Tests are scheduled based on framework requirements (quarterly, annually, etc.)
- Execute: Automated tests run automatically; manual tests notify the assigned tester
- Evidence: Test results and supporting evidence are captured automatically
- Review: Results are reviewed and approved by the compliance team
- Report: Test results feed into framework-specific compliance reports
Compliance Training
Track and manage compliance training requirements:
- Training Programs: Define training requirements per framework and role
- Assignment Management: Automatically assign training based on user role and team
- Completion Tracking: Track completion rates, scores, and certification status
- Compliance Matrix: View training compliance across users, teams, and frameworks
- Campaign Management: Launch targeted training campaigns for new requirements
Detailed Framework Documentation
SOC2 Type II
Trust Service Criteria, evidence collection, attestation management
ISO 27001:2022
ISMS controls, risk management, internal audit, Statement of Applicability
GDPR & Privacy
Data subject rights, consent management, breach notification, cross-border transfers
Additional Frameworks
CMMC, FedRAMP, HIPAA, PCI DSS, Export Control, EU AI Act
Related Documentation
- Audit Logging — The audit trail that provides compliance evidence
- Data Protection — Encryption and retention policies
- Security Overview — Platform security posture