> ## Documentation Index
> Fetch the complete documentation index at: https://docs.casebender.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Compliance Overview

> CaseBender supports 10+ compliance frameworks with built-in evidence collection, control testing, and audit management.

## Compliance Framework Support

CaseBender includes native support for major compliance frameworks. Each framework implementation includes control mapping, automated evidence collection, gap analysis, and reporting — built directly into the platform, not bolted on.

### Framework Matrix

| Framework            | Standard           | Implementation                                                          | Evidence Collection                       | Reporting                                    |
| -------------------- | ------------------ | ----------------------------------------------------------------------- | ----------------------------------------- | -------------------------------------------- |
| **SOC2 Type II**     | AICPA TSC 2017     | Trust Service Criteria mapping, control testing, attestation management | Automated collectors, 3-year retention    | Audit period reports, gap analysis           |
| **ISO 27001:2022**   | ISO/IEC 27001:2022 | Full Annex A controls, Statement of Applicability, risk register        | Automated collectors, evidence review     | Internal audit reports, management review    |
| **GDPR**             | EU 2016/679        | Articles 5-88 coverage, DSAR management, consent lifecycle              | PII registry, processing activity records | Breach notification, DPIA reports            |
| **CMMC Level 2**     | NIST SP 800-171    | 110 practices across 14 domains, SPRS scoring                           | Automated collectors, POA\&M tracking     | Assessment reports, SPRS score history       |
| **FedRAMP Moderate** | NIST SP 800-53     | 325 controls, continuous monitoring, SSP management                     | Automated collectors, ConMon reports      | Authorization packages, SAR reports          |
| **HIPAA**            | 45 CFR 160-164     | Security Rule safeguards, breach notification, BAA management           | PHI access logging, training records      | Disclosure reports, risk assessments         |
| **PCI DSS v4.0**     | PCI SSC            | 12 requirements, 78 sub-requirements                                    | Automated collectors, control testing     | Assessment reports, gap analysis             |
| **Export Control**   | EAR / ITAR         | ECCN classification, denied party screening, country controls           | Screening logs, license tracking          | Transfer reports, compliance dashboards      |
| **EU AI Act**        | EU 2024/1689       | AI system registration, risk assessment, conformity                     | Incident reports, oversight records       | Risk assessments, transparency reports       |
| **Legal Hold**       | FRCP / eDiscovery  | Litigation preservation, custodian management                           | Evidence chain of custody                 | Hold status reports, compliance verification |

### How Compliance Works in CaseBender

<CardGroup cols={2}>
  <Card title="Control Mapping" icon="map">
    Each framework's controls are mapped to CaseBender features and configurations. You can see exactly which platform capabilities satisfy which compliance requirements.
  </Card>

  <Card title="Evidence Collection" icon="folder-open">
    Automated collectors gather evidence from the running platform — audit logs, configuration snapshots, access records — without manual effort.
  </Card>

  <Card title="Gap Analysis" icon="magnifying-glass-chart">
    Identify which controls are fully implemented, partially implemented, or not yet addressed. Prioritize remediation based on risk.
  </Card>

  <Card title="Audit Management" icon="calendar-check">
    Track audit periods, schedule evidence collection, manage findings, and generate reports for auditors.
  </Card>
</CardGroup>

## Unified Compliance Dashboard

CaseBender provides a unified view across all enabled compliance frameworks:

### Cross-Framework Visibility

* **Compliance Score**: Aggregate compliance percentage across all frameworks
* **Control Overlap**: Many controls satisfy multiple frameworks simultaneously (e.g., audit logging satisfies SOC2 CC7.2, ISO 27001 A.8.15, CMMC AU.L2-3.3.1, and HIPAA 164.312(b))
* **Gap Prioritization**: Gaps are ranked by how many frameworks they affect
* **Deadline Tracking**: Upcoming audit deadlines, evidence collection schedules, and remediation due dates
* **Activity Feed**: Recent compliance activities across all frameworks

### Regulatory Reporting

* **Automated Report Generation**: Generate framework-specific reports with collected evidence
* **Scheduled Reports**: Configure recurring report generation for continuous compliance
* **Export Formats**: PDF, CSV, and structured data exports for auditor consumption
* **Evidence Packages**: Bundle evidence artifacts with control mappings for audit submissions

## Control Testing

CaseBender includes a unified control testing module that works across all frameworks:

### Testing Capabilities

* **Automated Tests**: Configurable test procedures that run on schedule
* **Manual Tests**: Guided test procedures with evidence capture
* **Cross-Framework Mapping**: A single test can satisfy controls across multiple frameworks
* **Test Scheduling**: Calendar-based scheduling with reminders and escalation
* **Result Tracking**: Pass/fail/partial results with evidence attachment

### Testing Workflow

1. **Schedule**: Tests are scheduled based on framework requirements (quarterly, annually, etc.)
2. **Execute**: Automated tests run automatically; manual tests notify the assigned tester
3. **Evidence**: Test results and supporting evidence are captured automatically
4. **Review**: Results are reviewed and approved by the compliance team
5. **Report**: Test results feed into framework-specific compliance reports

## Compliance Training

Track and manage compliance training requirements:

* **Training Programs**: Define training requirements per framework and role
* **Assignment Management**: Automatically assign training based on user role and team
* **Completion Tracking**: Track completion rates, scores, and certification status
* **Compliance Matrix**: View training compliance across users, teams, and frameworks
* **Campaign Management**: Launch targeted training campaigns for new requirements

## Detailed Framework Documentation

<CardGroup cols={2}>
  <Card title="SOC2 Type II" icon="shield-check" href="/en/security/compliance-soc2">
    Trust Service Criteria, evidence collection, attestation management
  </Card>

  <Card title="ISO 27001:2022" icon="certificate" href="/en/security/compliance-iso27001">
    ISMS controls, risk management, internal audit, Statement of Applicability
  </Card>

  <Card title="GDPR & Privacy" icon="user-lock" href="/en/security/compliance-gdpr">
    Data subject rights, consent management, breach notification, cross-border transfers
  </Card>

  <Card title="Additional Frameworks" icon="layer-group" href="/en/security/compliance-additional">
    CMMC, FedRAMP, HIPAA, PCI DSS, Export Control, EU AI Act
  </Card>
</CardGroup>

## Related Documentation

* [Audit Logging](/en/security/audit-logging) — The audit trail that provides compliance evidence
* [Data Protection](/en/security/data-protection) — Encryption and retention policies
* [Security Overview](/en/security/overview) — Platform security posture
