VORIONVORION
Free Scan
BASIS/Compliance

Compliance Mapping

SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, EU AI Act

Overview

BASIS provides built-in support for major regulatory and compliance frameworks. This document maps BASIS capabilities to specific compliance requirements.

Supported Frameworks

FrameworkJurisdictionFocusBASIS Relevance
SOC 2 Type IIGlobalSecurity, AvailabilityHigh
ISO 27001:2022GlobalInformation SecurityHigh
GDPREU/EEAData ProtectionHigh
HIPAAUSHealth InformationHigh
PCI DSS 4.0GlobalPayment Card DataMedium
EU AI ActEUAI SystemsCritical

NIST AI Risk Management Framework

BASIS maps directly to the NIST AI RMF four core functions: GOVERN, MAP, MEASURE, MANAGE.

GOVERN

Full
  • Policy definition via trust tiers
  • Accountability assignment
  • Organizational roles

MAP

Full
  • Risk classification engine
  • Context categorization
  • Capability scope mapping

MEASURE

Full
  • Trust scoring
  • Audit metrics
  • PROOF layer records

MANAGE

Full
  • ENFORCE layer controls
  • Escalation circuits
  • Incident response hooks

SOC 2 Type II

BASIS provides comprehensive coverage for SOC 2 Trust Services Criteria:

Security (CC)

Full
  • Access control via trust tiers
  • Capability gating
  • Audit logging

Availability (A)

Full
  • Failure mode handling
  • Circuit breakers
  • Graceful degradation

Processing Integrity (PI)

Full
  • ENFORCE layer validation
  • PROOF layer integrity
  • Hash chains

Confidentiality (C)

Full
  • Data capability restrictions
  • Tier-based access
  • Encryption requirements

ISO/IEC 42001:2023

The first international standard for AI management systems. BASIS satisfies its core requirements:

ClauseRequirementBASIS Implementation
�6.1Risk treatmentTrust tier risk classification
�8.1Operational planningCapability gating, ENFORCE layer
�8.4AI system lifecycleVersioned policy, audit chain
�9.1Performance monitoringTrust decay, health checks
�10.1ImprovementIncident ? policy update loop

GDPR

ArticleRequirementBASIS Implementation
Art. 5(1)(f)Integrity & confidentialityCryptographic proofs, access control
Art. 5(2)AccountabilityComplete audit trail in PROOF layer
Art. 25Data protection by designGovernance-before-execution
Art. 30Records of processingPROOF layer records all decisions
Art. 32Security of processingTrust boundaries, capability gating

EU AI Act

BASIS provides critical support for high-risk AI system requirements:

ArticleRequirementBASIS Implementation
Art. 9Risk managementRisk classification, trust scoring
Art. 11Technical documentationPROOF layer records
Art. 12Record-keeping7-year retention, hash chain
Art. 13TransparencyAudit trail, decision explanations
Art. 14Human oversightEscalation mechanism
Art. 15Accuracy & robustnessTrust decay, failure handling

Minimum Conformance by Framework

FrameworkMin BASIS LevelKey Components
SOC 2BASIS CoreENFORCE + PROOF
ISO 27001BASIS CoreFull capability gating
GDPRBASIS CompleteData capabilities + PROOF
HIPAABASIS CompletePHI capabilities + encryption
EU AI ActBASIS CompleteFull governance + human oversight

For complete compliance mappings including HIPAA, PCI DSS, NIST AI RMF, and audit evidence guidance, see the full document on GitHub.

View Full Compliance Mapping on GitHub