Frameworks
One scan, multiple frameworks
Sudory maps every check to the frameworks you need. A single scan produces evidence across all of them. No duplicate effort.
GDPR
Live: Sub-processor obligations, Data Processing Agreements, international transfers, and EU-US Data Privacy Framework. The foundation of vendor due diligence.
NIS2
Live: EU directive for network and information security. Supply chain security, incident reporting, and risk management for essential and important entities.
ISO 27002
Live: Implementation guidance for ISO 27001 controls. 93 controls across organizational, people, physical, and technological domains.
SOC 2
Live: Trust Service Criteria for SaaS. Continuous evidence collection for Type II audits across security, availability, processing integrity, confidentiality, and privacy.
ISO 27001
Reference: Information security management system. Supplier relationships (A.5.19 to A.5.23), risk-based approach, and continuous ISMS monitoring.
CIS Benchmarks
Reference: Configuration compliance for cloud and SaaS platforms. Automated scanning against CIS standards, mapped to ISO 27001, NIS2, and DORA.
DORA
Reference: Digital Operational Resilience Act. ICT third-party risk management, concentration risk, and sub-outsourcing chains for financial entities.
EAA
Reference: European Accessibility Act. Economic operator obligations (manufacturer, importer, distributor) for accessible digital products and services.
AI Act
Reference: EU regulation on artificial intelligence. Risk-based classification with mandatory requirements for high-risk AI systems.
See which findings map to these frameworks
Run a scan on any domain. Every finding shows the controls and frameworks it touches, with no signup.