Framework-Agnostic. Execution-Focused.
AuditLink provides native support for major compliance frameworks while enabling you to define and execute custom internal audit programs with identical rigor.
Supported Frameworks
Pre-built control mappings and evidence requirements for major compliance frameworks.
SOC 2
Service Organization Control 2
Trust Services Criteria for service organizations. Full support for Type I and Type II audits with pre-mapped controls and evidence requirements.
ISO 27001
ISO/IEC 27001:2022
International standard for information security management systems. Complete Annex A control mapping with evidence guidance.
HIPAA
Health Insurance Portability and Accountability Act
Healthcare data protection requirements. Security Rule, Privacy Rule, and Breach Notification Rule coverage.
PCI-DSS
Payment Card Industry Data Security Standard
Payment card data protection requirements. Full 12-requirement coverage with quarterly and annual evidence cycles.
GDPR
General Data Protection Regulation
European data protection regulation. Article-by-article mapping with evidence requirements for demonstrating compliance.
CCPA/CPRA
California Consumer Privacy Act / California Privacy Rights Act
California privacy regulations. Consumer rights and business obligation control mappings.
FedRAMP
Federal Risk and Authorization Management Program
Federal cloud security authorization. Low, Moderate, and High baseline control packages.
NIST CSF
NIST Cybersecurity Framework
Voluntary cybersecurity framework. Function, Category, and Subcategory mapping with implementation tier guidance.
NIST 800-53
NIST Special Publication 800-53
Security and privacy controls for federal systems. Full control catalog with baseline profiles.
SOC 1
Service Organization Control 1
Controls relevant to user entity financial reporting. Type I and Type II with ITGC focus.
HITRUST CSF
HITRUST Common Security Framework
Comprehensive security framework incorporating multiple regulations. Assessment scope and evidence mapping.
CIS Controls
Center for Internet Security Controls
Prioritized security controls. Implementation Groups 1, 2, and 3 with safeguard-level mapping.
The Same Rigor, Your Requirements
Internal and Custom Audit Programs
Beyond regulatory frameworks, AuditLink enables you to define and execute internal audit programs with the same systematic approach. Define custom controls, map evidence requirements, and maintain continuous assurance for any operational area.
Operational Audits
Assess operational efficiency, process compliance, and performance against internal standards.
Vendor Assessments
Evaluate third-party vendor compliance with your security and operational requirements.
Policy Compliance
Verify adherence to internal policies across departments and business units.
Controls Testing
Regular testing of control effectiveness independent of formal audit cycles.
Pre-Audit Readiness
Internal assessments before formal external audits to identify and remediate gaps.
Continuous Assurance
Ongoing monitoring of control effectiveness with real-time visibility and alerting.
Your Framework, Our Execution
Whether your audits are regulatory, internal, or custom, AuditLink adapts to your requirements.