CompAIQ · compliance frameworks

Compliance frameworks,
ready to run.

A marketplace of audit-ready frameworks — SOC 2, ISO 27001, HIPAA, PCI-DSS, NIST 800-171 — with every control and requirement structured and ready to map evidence against. Fork any pack to build your own. It's the rules engine your audits run on.

SOC 2 · ISO 27001 · HIPAA · PCI-DSS · NIST 800-171 · Custom packs

The catalog · structured, not a PDF

Every framework as structured controls — not a 200-page document.

Each pack breaks a standard into its controls and atomic requirements, each with the evidence it expects — so a machine (and your auditor) can actually work with it.

🔐

SOC 2

Trust Services Criteria — security, availability, confidentiality, processing integrity, privacy.

Type I & II

🌐

ISO 27001

Annex A controls for an information security management system, mapped to requirements.

ISMS

🏥

HIPAA

Administrative, physical and technical safeguards for protected health information.

PHI

💳

PCI-DSS

The twelve requirements for handling cardholder data, broken into testable checks.

Cardholder data

🛰️

NIST 800-171

Protecting controlled unclassified information across fourteen control families.

CUI

🛠️

Build your own

Fork any pack or start blank — add controls, requirements and evidence asks. Your custom framework, tenant-local.

Customizable

How it works

From a standard to an audit you can run.

Pick a framework → Controls + requirements → Evidence each asks for → Feed your audit

  1. Choose a pack from the marketplace. SOC 2, ISO 27001, HIPAA, PCI-DSS, NIST — or fork one and customize.
  2. Get structured controls + requirements. Each requirement spells out the evidence it expects — not buried in prose.
  3. Customize for your org. Add, remove or reword controls; layer in internal policies. Your fork stays yours.
  4. Run the audit against it. Point AuditAIQ at the framework and it does the first-pass evidence matching, requirement by requirement.

Part of the platform

CompAIQ defines the rules. AuditAIQ enforces them.

CompAIQ is the standards layer of the AI-IQ platform. The frameworks you assemble here become exactly what AuditAIQ audits against — and DocAIQ supplies the evidence. One pipeline, privacy-native throughout.

DocAIQ · the evidence | CompAIQ · the rules | AuditAIQ · the audit

Stop wrestling PDFs.
Start with a framework that's ready to run.

Browse the marketplace, fork a pack, and make compliance something a machine can help you actually do.

compaiq.jicama.tech · part of AI-IQ · privacy-native by design