Compliance Mapping

SOC 2, ISO 27001, GDPR, HIPAA, PCI DSS, EU AI Act

Overview

BASIS provides built-in support for major regulatory and compliance frameworks. This document maps BASIS capabilities to specific compliance requirements.

Supported Frameworks

| Framework | Jurisdiction | Focus | BASIS Relevance |
|---|---|---|---|
| SOC 2 Type II | Global | Security, Availability | High |
| ISO 27001:2022 | Global | Information Security | High |
| GDPR | EU/EEA | Data Protection | High |
| HIPAA | US | Health Information | High |
| PCI DSS 4.0 | Global | Payment Card Data | Medium |
| EU AI Act | EU | AI Systems | Critical |

SOC 2 Type II

BASIS provides comprehensive coverage for SOC 2 Trust Services Criteria:

Security (CC)

Coverage: Full
  • Access control via trust tiers
  • Capability gating
  • Audit logging

Availability (A)

Coverage: Full
  • Failure mode handling
  • Circuit breakers
  • Graceful degradation

Processing Integrity (PI)

Coverage: Full
  • ENFORCE layer validation
  • PROOF layer integrity
  • Hash chains

Confidentiality (C)

Coverage: Full
  • Data capability restrictions
  • Tier-based access
  • Encryption requirements

GDPR

| Article | Requirement | BASIS Implementation |
|---|---|---|
| Art. 5(1)(f) | Integrity & confidentiality | Cryptographic proofs, access control |
| Art. 5(2) | Accountability | Complete audit trail in PROOF layer |
| Art. 25 | Data protection by design | Governance-before-execution |
| Art. 30 | Records of processing | PROOF layer records all decisions |
| Art. 32 | Security of processing | Trust boundaries, capability gating |

EU AI Act

BASIS provides critical support for high-risk AI system requirements:

| Article | Requirement | BASIS Implementation |
|---|---|---|
| Art. 9 | Risk management | Risk classification, trust scoring |
| Art. 11 | Technical documentation | PROOF layer records |
| Art. 12 | Record-keeping | 7-year retention, hash chain |
| Art. 13 | Transparency | Audit trail, decision explanations |
| Art. 14 | Human oversight | Escalation mechanism |
| Art. 15 | Accuracy & robustness | Trust decay, failure handling |

Minimum Conformance by Framework

| Framework | Min BASIS Level | Key Components |
|---|---|---|
| SOC 2 | BASIS Core | ENFORCE + PROOF |
| ISO 27001 | BASIS Core | Full capability gating |
| GDPR | BASIS Complete | Data capabilities + PROOF |
| HIPAA | BASIS Complete | PHI capabilities + encryption |
| EU AI Act | BASIS Complete | Full governance + human oversight |

For complete compliance mappings including HIPAA, PCI DSS, NIST AI RMF, and audit evidence guidance, see the full document on GitHub.