The frameworks ChronoVault supports.
ChronoVault ships with built-in support for the regulatory frameworks most of our customers operate under. New frameworks are added on a published roadmap, and customers can add their own internal frameworks alongside the canonical ones.
Global
SOC 2
AICPA Trust Services Criteria — the most commonly requested attestation in the SaaS and financial services world. Type I and Type II in one model.
ISO 27001
ISMS certification based on the 2022 revision of ISO/IEC 27001. The Annex A controls are mapped, structured, and linked to common cross-framework equivalents.
ISO 27701
Privacy Information Management System extension to ISO 27001. Ship PIMS controls and DPIA workflows alongside your ISMS.
PCI-DSS v4.0
The Payment Card Industry Data Security Standard, version 4.0. Includes the customized approach and the future-dated requirements that come into force in 2026.
NIST CSF 2.0
Cybersecurity Framework 2.0 — now with the new Govern function. A voluntary framework used widely as a cross-walk reference.
NIST 800-53
The US federal control catalog. Used by federal agencies, their contractors, and firms that adopt it as a cross-walk.
CIS Controls v8
The Center for Internet Security's prioritized controls. A practical starting point for smaller programs.
India
DPDPA 2023
India's Digital Personal Data Protection Act, 2023. First-class support for the DPDPA's fiduciary model, rights, and significant data fiduciary designation.
RBI Cybersecurity (SCBs)
RBI's Cybersecurity Framework for Scheduled Commercial Banks. The baseline framework with graded expectations by bank size.
RBI IT Governance
RBI's Master Direction on IT Governance, Risk, Controls and Assurance Practices. Board-level accountability and risk-based IT governance.
RBI Digital Lending
RBI's Guidelines on Digital Lending — loan service provider (LSP) obligations, borrower disclosures, data handling, and direct disbursal rules for regulated entities.
IRDAI Information & Cyber Security
IRDAI Information and Cyber Security Guidelines for insurers and their intermediaries.
SEBI Cybersecurity
SEBI's Cybersecurity and Cyber Resilience Framework. For stock exchanges, depositories, and registered intermediaries.
Regional
HIPAA
The US Health Insurance Portability and Accountability Act — Security Rule and Breach Notification. For covered entities and their business associates.
GDPR
The EU General Data Protection Regulation. Rights-based privacy framework with extraterritorial scope.
See ChronoVault with your own frameworks.
A 45-minute demo with a compliance engineer, not a salesperson. Tell us the frameworks you care about most and we'll tailor the walkthrough — and leave you with a recording.