Generador de Listas de Verificación de Cumplimiento

Entrada

Compliance Area

We are a healthtech startup processing patient records in the EU and US. We need a checklist for our first HIPAA + GDPR audit covering data storage, access controls, encryption, breach notification, and vendor agreements.

Industry

Healthcare

Regulation Type

hipaa

Jurisdiction

global

Company Size

startup

Salida (extracto)

HIPAA + GDPR Audit Checklist. Access Control: [ ] Unique user IDs and role-based access; [ ] MFA for all PHI access; [ ] Automatic session timeout. Encryption: [ ] PHI encrypted at rest (AES-256) and in transit (TLS 1.2+). Breach Notification: [ ] HIPAA 60-day notification process; [ ] GDPR 72-hour DPA notification. Vendors: [ ] Signed BAAs (HIPAA) and DPAs (GDPR). Documentation: [ ] Risk assessment; [ ] Records of Processing; [ ] Audit logs retained 6 years.

Entrada

Compliance Area

Online store taking card payments through Stripe Checkout. We want to confirm we meet PCI-DSS obligations as a merchant that does not store card data directly, ahead of our annual self-assessment questionnaire.

Industry

E-commerce

Regulation Type

pci-dss

Jurisdiction

us

Company Size

smb

Salida (extracto)

PCI-DSS Merchant Checklist (SAQ-A scope). [ ] Confirm all cardholder data is handled by Stripe, not stored on your servers. [ ] Use Stripe's hosted/embedded fields so card data never touches your backend. [ ] Enforce HTTPS/TLS sitewide. [ ] Restrict admin access with strong passwords + MFA. [ ] Keep platform and plugins patched. [ ] Maintain a documented information security policy. [ ] Complete the annual SAQ-A and quarterly ASV scan if applicable.

Entrada

Compliance Area

Mid-stage SaaS pursuing ISO 27001 certification to close enterprise deals. We need a checklist covering the Information Security Management System (ISMS), risk treatment, and Annex A controls before our Stage 1 audit.

Industry

SaaS

Regulation Type

iso-27001

Jurisdiction

eu

Company Size

enterprise

Salida (extracto)

ISO 27001 Readiness Checklist. ISMS Foundation: [ ] Defined scope and ISMS policy; [ ] Leadership commitment documented. Risk Management: [ ] Risk assessment methodology; [ ] Risk treatment plan; [ ] Statement of Applicability mapping Annex A controls. Operations: [ ] Asset inventory; [ ] Access control policy; [ ] Supplier security; [ ] Incident management; [ ] Business continuity. Evidence: [ ] Internal audit completed; [ ] Management review; [ ] Corrective actions logged before Stage 1.