Understanding Compliance Frameworks
Learn what compliance frameworks are and which ones Imara supports.
What Is a Compliance Framework?
A compliance framework is a structured set of requirements, controls, and best practices that defines how an organization should protect data, manage risk, and operate securely. Some frameworks are voluntary standards that an independent auditor assesses, producing a certificate (ISO 27001) or an attestation report (SOC 2) that builds trust with customers, partners, and regulators. Others are laws or contractual mandates (GDPR, HIPAA, PCI DSS, LGPD, CCPA) where compliance is an obligation in its own right, whether or not a third party ever validates it.
Frameworks Supported by Imara
- SOC 2 — U.S. attestation framework developed by the AICPA for service organizations, widely used by technology and SaaS companies. An independent CPA firm evaluates controls against the Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, and Privacy) and issues a report rather than a certificate: Type I covers control design at a point in time, Type II covers operating effectiveness over a review period.
- ISO 27001 — International standard (ISO/IEC 27001) for Information Security Management Systems (ISMS). Certification is issued by an accredited certification body after an audit. Widely recognized globally and required by many enterprise contracts.
- GDPR — EU General Data Protection Regulation. Applies to organizations established in the EU/EEA, and to organizations outside it that offer goods or services to, or monitor the behaviour of, individuals in the EU/EEA. It protects the personal data of people located in the EU regardless of their citizenship.
- HIPAA — U.S. law regulating the protection of protected health information (PHI). Applies to covered entities (health plans, healthcare clearinghouses, and healthcare providers that conduct standard electronic transactions) and to the business associates, such as SaaS vendors, that handle PHI on their behalf.
- PCI DSS — Security standard maintained by the PCI Security Standards Council for organizations that process, store, or transmit cardholder data. It is enforced contractually through the card brands and acquiring banks rather than by statute; the required validation (self-assessment questionnaire or on-site assessment by a QSA) depends on transaction volume.
- LGPD — Brazil's General Data Protection Law (Lei Geral de Proteção de Dados). Applies to processing carried out in Brazil, to data collected in Brazil, and to processing aimed at offering goods or services to individuals located in Brazil, regardless of where the organization is based or the citizenship of the data subject.
- CCPA — California Consumer Privacy Act, as amended by the CPRA. Applies to for-profit businesses that do business in California, collect personal information of California residents, and meet at least one of the statutory thresholds for annual revenue, volume of consumers' data processed, or share of revenue derived from selling or sharing personal information.
Canonical Controls
Imara uses the concept of Canonical Controls to unify equivalent requirements across multiple frameworks. Each canonical control is mapped to the requirements it satisfies in every supported framework, so the evidence collected for a single implemented control (for example, a documented access-review process with its review records) can be reused wherever those frameworks ask for the same thing. This significantly reduces compliance effort for organizations pursuing multiple certifications. Two caveats apply in practice: mappings are approximate, so a framework may still impose requirements with no equivalent elsewhere (framework-specific clauses, scoping rules, or record-keeping duties) that have to be handled on their own; and each auditor assesses the evidence against their own framework's wording and scope, so the mapping speeds evidence collection but does not substitute for the audit.
Choosing the Right Frameworks
The choice of frameworks depends on your industry, the markets where you operate, customer requirements, and legal obligations. Laws such as GDPR, HIPAA, LGPD, and CCPA are not optional: if your processing falls within their scope, they apply whether or not a customer asks. Among the voluntary standards, we recommend starting with the ones required by your most strategic customers (typically SOC 2 for U.S. buyers and ISO 27001 for European and enterprise procurement) and expanding gradually, letting the canonical control mappings carry the work already done into each new framework.