Compliance Readiness Assessment
Answer a few questions to evaluate your security posture and receive personalized compliance recommendations.
Tell Us About Your Organization
Help us understand your business so we can tailor our recommendations.
How the Compliance Assessment Works
Our free compliance readiness assessment walks through four short steps. It maps your industry, headcount, existing security posture, and regulatory exposure to the frameworks that apply to your business, then produces a readiness score and a prioritized action plan. Nothing you enter is required to view the framework guidance below.
- 1Tell Us About Your Organization
Help us understand your business so we can tailor our recommendations.
- 2Your Current Security Posture
We will assess your existing security foundations to identify strengths and gaps.
- 3Compliance Requirements
Select the regulations and frameworks relevant to your business.
- 4Your Compliance Readiness Results
Based on your responses, here is your compliance readiness assessment.
Frameworks the Finder Can Recommend
Based on your answers, the finder surfaces the standards and regulations most relevant to your organization. The matrix below shows each trigger question, the framework it maps to, and what that framework covers, so you can see the full range of recommendations before you begin.
| If this applies to you | Recommended framework | What it covers |
|---|---|---|
| Are enterprise customers asking for SOC 2? | SOC 2 | Trust service criteria for security, availability, and confidentiality. Required by most enterprise buyers. |
| Do you handle protected health information (PHI)? | HIPAA | Required for organizations that create, receive, maintain, or transmit protected health information (PHI). Covers administrative, physical, and technical safeguards. |
| Do you handle protected health information (PHI)? | HITRUST | Comprehensive security framework that maps to HIPAA requirements for protecting health information. |
| Do you process payment card data? | PCI DSS | Payment Card Industry Data Security Standard for organizations handling cardholder data. |
| Do you work with the US Department of Defense? | CMMC | Cybersecurity Maturity Model Certification required for Department of Defense contractors. |
| Do you have EU customers or process EU personal data? | GDPR | General Data Protection Regulation compliance for organizations processing EU personal data. |
| Do you have California customers? | CCPA / CPRA | California Consumer Privacy Act and California Privacy Rights Act for businesses serving California residents. |
| Are you publicly traded or planning an IPO? | SOX IT Compliance | Sarbanes-Oxley Section 404 IT General Controls for publicly traded companies and pre-IPO organizations. |
| Do you manufacture medical devices or SaMD? | FDA Cybersecurity | FDA premarket cybersecurity requirements under Section 524B for medical device manufacturers and SaMD companies. |
| Do you process personal data of individuals in India? | India DPDP Act | Digital Personal Data Protection Act compliance for organizations processing personal data of individuals in India. |
| Do you use AI/ML in your products or services? | ISO 42001 | International standard for AI management systems. Demonstrates responsible AI governance for organizations developing, deploying, or procuring AI systems. |
| Do you use AI/ML in your products or services? | NIST AI RMF | NIST AI Risk Management Framework for trustworthy AI design, development, deployment, and use. Covers governance, mapping, measuring, and managing AI risks. |
| Do you sell to or work with the Australian government? | IRAP | Australian government ICT security assessment program. Required for organizations providing services to Australian government agencies. |
| Do you sell to or work with the Singapore government? | ISMAP | Singapore government cloud security assessment framework. Required for cloud service providers selling to the Singapore government. |
| Do you sell to or work with Spanish or EU government agencies? | ENS | Spain's National Security Framework (Esquema Nacional de Seguridad). Mandatory for organizations working with Spanish public sector entities and EU government agencies. |
Understanding Your Readiness Score
Your responses are scored from 0 to 100 across documented policies, security ownership, prior audits, automation tooling, and data sensitivity. The score maps to one of four maturity tiers, each with tailored guidance on where to focus next.
| Score range | Maturity tier | What it means |
|---|---|---|
| 0 - 30 | Early Stage | Your organization is in the early stages of building a compliance program. This is common for growing companies, and the right guidance can accelerate your readiness significantly. |
| 31 - 60 | Building | You have some foundations in place but gaps remain. A structured compliance roadmap will help you close those gaps efficiently and prepare for certification. |
| 61 - 85 | Maturing | Your security posture is well-developed. With targeted improvements and expert guidance, you can achieve and maintain compliance across multiple frameworks. |
| 86 - 100 | Advanced | Your organization demonstrates strong security maturity. Focus on maintaining compliance, optimizing processes, and staying ahead of evolving requirements. |