Frameworks
One scan, multiple frameworks
Sudory maps every check to the frameworks you need. A single scan produces evidence across all of them — no duplicate effort.
GDPR
Sub-processor obligations, Data Processing Agreements, international transfers, and EU-US Data Privacy Framework. The foundation of vendor due diligence.
NIS2
EU directive for network and information security. Supply chain security, incident reporting, and risk management for essential and important entities.
DORA
Digital Operational Resilience Act. ICT third-party risk management, concentration risk, and sub-outsourcing chains for financial entities.
EAA
European Accessibility Act. Economic operator obligations — manufacturer, importer, distributor — for accessible digital products and services.
ISO 27001
Information security management system. Supplier relationships (A.5.19–5.23), risk-based approach, and continuous ISMS monitoring.
ISO 27002
Implementation guidance for ISO 27001 controls. 93 controls across organizational, people, physical, and technological domains.
SOC 2
Trust Services Criteria for SaaS. Continuous evidence collection for Type II audits — security, availability, processing integrity, confidentiality, and privacy.
CIS Benchmarks
Configuration compliance for cloud and SaaS platforms. Automated scanning against CIS standards — mapped to ISO 27001, NIS2, and DORA.
AI Act
EU regulation on artificial intelligence. Risk-based classification with mandatory requirements for high-risk AI systems.