Compliance library

Compliance, mapped. Not stickered on.

Each of our sixteen checks is mapped to a control number in the frameworks below. We hand you the crosswalk, not a logo wall.

FRAMEWORK · 01

SOC 2

Service Organization Control 2

Type II controls — security, availability, confidentiality. How PrismWeb’s sixteen checks map to each trust service criterion.

FRAMEWORK · 02

ISO 27001

Information Security Management

Risk-based controls across the full management system. How our infrastructure aligns with Annex A requirements.

FRAMEWORK · 03

HIPAA

Health Insurance Portability

Administrative, physical, and technical safeguards for PHI. How we satisfy the Security Rule and help you survive an OCR audit.

FRAMEWORK · 04

PCI DSS

Payment Card Industry DSS

Cardholder data environment hardening. How our infrastructure meets PCI DSS 4.0 requirements for hosted payment pages.

FRAMEWORK · 05

GDPR

EU General Data Protection

Lawful basis, data minimization, breach notification. How we help you satisfy controller and processor obligations.

FRAMEWORK · 06

CCPA/CPRA

California Privacy Acts

Consumer rights, opt-out, sensitive data handling. How our security controls support your CCPA compliance obligations.

FRAMEWORK · 07

Cyber Insurance

Insurance Prep Guide

Evidence binders, control documentation, underwriter expectations. What your broker needs and how we produce it.

FRAMEWORK · 08

NIST 800-53

Security & Privacy Controls

Federal baseline for moderate-impact systems. Our control crosswalk for each of the sixteen checks.

Methodology

Every check has a control number.

PrismWeb doesn’t bolt compliance on after the fact. Each of the sixteen security checks we perform maps directly to specific control IDs in every major compliance framework. One check, multiple controls satisfied — simultaneously.

When we check your DMARC policy, we’re satisfying SOC 2 CC6.1, ISO 27001 A.13.2.1, NIST AC-4, and your insurer’s email authentication requirement — all at once.

When we validate your TLS configuration, that single check covers SOC 2 CC6.7, ISO 27001 A.10.1.1, HIPAA §164.312(e)(1), PCI DSS Requirement 4.2.1, and GDPR Article 32(1)(a). One infrastructure decision, five frameworks addressed.

This approach means you never need to wonder which security control satisfies which regulation. Our compliance briefs provide the exact crosswalk — control ID to check to evidence — so your auditor, your insurer, and your legal team all get what they need from one source of truth.

The guides below walk through each framework individually, showing precisely which checks map to which requirements and what evidence we produce for each.

Compliance on demand

Compliance documentation on demand.

Stop scrambling before audits. Our infrastructure produces the evidence your compliance team needs — continuously, automatically, without consulting fees.