Every framework. One enforcement model.
SOC 2, ISO 27001, and HIPAA share more than auditors admit. ZeroTB maps the overlap and runs it as one engine. The framework changes with the customer. The domains do not.
Shared at the center
A control about access removal is the same operational reality whether SOC 2 calls it CC6.3, ISO 27001 calls it A.5.16, or HIPAA calls it §164.308(a)(3)(ii)(C). The control fires the same way. The integration is the same. The evidence is the same.
- Access removal on termination
- MFA enforcement
- Encryption at rest
- Audit logging
- Vendor due diligence
- Endpoint posture
Three frameworks ZeroTB enforces today.
SOC 2: Common Criteria + Availability + Confidentiality. Mapped to all five domains. Type 1 and Type 2 carried through the same Blueprint.
ISO 27001: Annex A:2022, four themes. Same engine. Different lens. ISMS-aligned evidence chain.
HIPAA: Administrative, Physical, Technical Safeguards. Healthtech beachhead. Built around the strictest enforcement bar.
AI governance for the era that broke the rest. The next framework lens we are building.
