✅ 5 Fully Compliant (↑ 1)
⚠️ 3 Partially Compliant (→ 0)
❌ 2 Non-Compliant (↓ 1)
📋 82% Overall Compliance (↑ 5%)

Regulatory Frameworks & Compliance Status

Showing 8 of 8 frameworks
Columns: Regulation / Framework | Category | Region | Status | Compliance Score | Last Audit | Next Review
🇪🇺 GDPR (General Data Protection Regulation)
Category: Data Privacy | Region: European Union | Status: Compliant | Compliance Score: 94% | Last Audit: 2025-01-15 | Next Review: 2025-07-15

📋 Key Requirements

Data Subject Rights: ✓ Met
Lawful Basis Processing: ✓ Met
DPO Appointed: ✓ Met
Data Breach Notification: ✓ Met
Privacy by Design: ⚠ Partial
DPIA Completed: ✓ Met

📊 Compliance Details

Total Requirements: 54
Fully Met: 51
Partially Met: 3
Not Met: 0
Responsible Team: Legal & IT
Assigned Officer: Maria Santos

⚠️ Identified Gaps

• Privacy by Design — documentation incomplete for 2 systems
• Cookie consent banner — updated (resolved 2025-01-10)
• Data retention schedule — finalized (resolved 2024-12-20)

πŸ₯

HIPAA

Health Insurance Portability & Accountability Act

Healthcare United States Compliant
91%
2025-02-01 2025-08-01

πŸ“‹ Key Requirements

Privacy Ruleβœ“ Met
Security Ruleβœ“ Met
Breach Notificationβœ“ Met
BAAs in Placeβœ“ Met
Risk Assessmentβœ“ Met

πŸ“Š Compliance Details

Total Requirements42
Fully Met38
Partially Met4
Not Met0
Assigned OfficerDr. Alan Park

⚠️ Identified Gaps

β€’ Workforce training β€” 3 employees pending recertification
β€’ Incident response plan β€” updated (resolved 2025-01-28)
💰 SOX (Sarbanes-Oxley Act)
Category: Financial | Region: United States | Status: Compliant | Compliance Score: 88% | Last Audit: 2025-01-20 | Next Review: 2025-07-20

📋 Key Requirements

Section 302 — Certifications: ✓ Met
Section 404 — Internal Controls: ✓ Met
Section 409 — Disclosures: ✓ Met
Section 802 — Record Retention: ✓ Met

📊 Compliance Details

Total Requirements: 36
Fully Met: 32
Partially Met: 4
Responsible Team: Finance & Audit

⚠️ Identified Gaps

• Access controls — review pending for 2 legacy systems
• Change management log — updated (resolved 2025-01-22)

🌴 CCPA / CPRA (California Consumer Privacy Act)
Category: Data Privacy | Region: United States (CA) | Status: Partial | Compliance Score: 72% | Last Audit: 2025-02-10 | Next Review: 2025-05-10

📋 Key Requirements

Right to Know: ✓ Met
Right to Delete: ✓ Met
Right to Opt-Out: ⚠ Partial
Service Agreement Updates: ✗ Not Met
Privacy Notice Updates: ✓ Met

📊 Compliance Details

Total Requirements: 48
Fully Met: 30
Partially Met: 12
Not Met: 6
Assigned Officer: James Carter

⚠️ Identified Gaps

• Opt-out mechanism — needs global coverage implementation
• Service agreements — 4 vendor contracts need CPRA addenda
• Privacy notice — updated for CPRA (resolved 2025-01-15)

🔐 ISO 27001 (Information Security Management System)
Category: Info Security | Region: Global | Status: Compliant | Compliance Score: 96% | Last Audit: 2025-01-08 | Next Review: 2025-07-08

📋 Key Requirements

Risk Assessment Process: ✓ Met
Access Control Policy: ✓ Met
Incident Management: ✓ Met
Business Continuity: ✓ Met
Supplier Security: ✓ Met

📊 Compliance Details

Total Controls: 93
Implemented: 89
Partially: 4
Certification Valid Until: 2026-03-15

⚠️ Identified Gaps

• Cryptographic key management — review needed
• Physical security — updated after office move (resolved 2024-12-10)

💳 PCI DSS (Payment Card Industry Data Security Standard)
Category: Info Security | Region: Global | Status: In Progress | Compliance Score: 65% | Last Audit: 2025-02-20 | Next Review: 2025-06-20

📋 Key Requirements

Network Security: ✓ Met
Data Protection: ⚠ Partial
Vulnerability Mgmt: ✓ Met
Access Control: ⚠ Partial
Monitoring & Testing: ✓ Met

📊 Compliance Details

Total Requirements: 12
Fully Met: 7
In Progress: 5
Target Completion: 2025-06-20

⚠️ Identified Gaps

• Cardholder data encryption — key rotation needed
• Access control — least privilege review pending
• Network segmentation — implemented (resolved 2025-02-01)

⚖️ OCC / EEOC (Employment & Anti-Discrimination Guidelines)
Category: Employment | Region: United States | Status: Non-Compliant | Compliance Score: 45% | Last Audit: 2025-02-05 | Next Review: 2025-04-05

📋 Key Requirements

Anti-Discrimination Policy: ✗ Not Met
Harassment Prevention: ✗ Not Met
Reasonable Accommodation: ✓ Met
Pay Equity Analysis: ⚠ Partial
Complaint Procedures: ✗ Not Met

📊 Compliance Details

Total Requirements: 30
Fully Met: 10
Partially Met: 4
Not Met: 16
Urgency: 🔴 Critical

⚠️ Identified Gaps

• Anti-discrimination policy — not yet drafted
• Harassment prevention — training program missing
• Complaint procedures — formal process needed
• Pay equity — annual analysis overdue

🇬🇧 UK ICO / UK-GDPR (UK Information Commissioner's Office Guidelines)
Category: Data Privacy | Region: United Kingdom | Status: Compliant | Compliance Score: 87% | Last Audit: 2025-01-25 | Next Review: 2025-07-25

📋 Key Requirements

UK-GDPR Registration: ✓ Met
Data Protection Policy: ✓ Met
ICO Fee Payment: ✓ Met
7 Principles Alignment: ✓ Met

📊 Compliance Details

Total Requirements: 46
Fully Met: 40
Partially Met: 6
Assigned Officer: Emily Watson

⚠️ Identified Gaps

• International transfers — adequacy decision review needed
• ICO registration — renewed (resolved 2025-01-20)

🔗 Framework Cross-Reference

See how different frameworks overlap and share common requirements.

🇪🇺 GDPR (European Union — Data Protection)
Total Articles: 99
Your Compliance: 94%
✓ Lawful basis for processing
✓ Data subject access requests
✓ Data breach notification (72hrs)
⚠ Privacy by design docs

🏥 HIPAA (United States — Healthcare Privacy)
Total Rules: 42
Your Compliance: 91%
✓ Privacy Rule implementation
✓ Security Rule controls
✓ Business Associate Agreements
⚠ Workforce recertification

💰 SOX (United States — Corporate Finance)
Total Sections: 36
Your Compliance: 88%
✓ CEO/CFO certifications
✓ Internal controls (Section 404)
✓ Record retention policy
⚠ Legacy system access review

🗺️ Policy-to-Regulation Mapping

See which of your policies satisfy requirements across multiple frameworks.

Data Protection Policies

Policy Name | Frameworks | Status
Data Retention Policy | GDPR, CCPA, UK-GDPR | ✓ Active
Privacy Notice | GDPR, CCPA, UK-GDPR, HIPAA | ✓ Active
Data Breach Response Plan | GDPR, HIPAA, PCI DSS | ✓ Active
Vendor Assessment Policy | GDPR, ISO 27001, PCI DSS | ✓ Active
Consent Management | GDPR, CCPA, UK-GDPR | ⚠ Review

Security & Governance Policies

Policy Name | Frameworks | Status
Access Control Policy | SOX, ISO 27001, PCI DSS, HIPAA | ✓ Active
Incident Response Plan | ISO 27001, PCI DSS, HIPAA, SOX | ✓ Active
Business Continuity Plan | ISO 27001, SOX, PCI DSS | ✓ Active
Encryption Standards | PCI DSS, HIPAA, ISO 27001 | ⚠ Review
Anti-Discrimination Policy | OCC / EEOC | ✗ Missing
