SOC 2 Type II: Security & Continuous Monitoring
SOC 2 Type II is the de facto security standard for B2B SaaS in North America. In 2026, it has evolved into a continuous control monitoring (CCM) framework.
ISO 27001:2022 is the international gold standard for Information Security Management Systems (ISMS), now including cloud and privacy extensions.
The General Data Protection Regulation (GDPR) is the EU's strict privacy framework, mandating data-sharing-by-design and real-time user data portability.
HIPAA sets the standard for protecting sensitive patient data. Open source tools must be HIPAA Eligible to be used in US healthcare environments.
FERPA is the US federal law governing student education record privacy. Any open source tool deployed in K-12 or higher education handling student data must be FERPA-eligible.
PCI DSS v4.0 is the mandatory security standard for any organization handling card payments. Self-hosting payment infrastructure can radically reduce your compliance scope — or expand it.
FedRAMP 20x is the modernized US government standard for cloud security, focusing on automated validation and machine-readable authorization packages.
FIPS 140-3 is the NIST standard validating cryptographic modules for US federal use. Software handling sensitive government data must use FIPS-validated cryptography — not just claim encryption.
WCAG 2.1 AA is the internationally recognized web accessibility standard, mandated by US ADA Section 508, EU EN 301 549, and government procurement rules globally.
The EU CRA mandates security requirements for software products in the EU market, focusing on SBOMs and rapid vulnerability reporting.