Compliance Considerations
Version: 0.1 (Draft)
Date: 2025-08-08
Owner: Compliance & Security
Scope
Regulatory and standards alignment (ISO/IEC 27001, SOC 2, GDPR, ISO/IEC 38500, COBIT 2019, ITIL 4).
Key Controls
- Policy lifecycle management; control mapping; evidence collection; exception process.
- Data protection: classification, encryption, retention, subject rights.
- Logging and monitoring: tamper-evident logs; incident response.
Assessments
- Readiness reviews; internal audits; third-party attestations as needed.
Documentation
- Maintain policies, procedures, records of processing, DPIAs where applicable.