Compliance
How Scrydon maps to ISO 27001, ISO 42001, the EU AI Act, GDPR, SOC 2, NIST, SecNumCloud, the EU CRA, and AIUC-1 — plus the AI-governance controls that satisfy them.
Scrydon is built for organisations that have to prove their AI is governed, not just claim it. This section maps Scrydon's controls to the frameworks customers most often need to comply with, and points at the evidence the platform produces automatically.
Frameworks
ISO/IEC 27001
Information security management. The baseline framework most enterprises require.
ISO/IEC 42001
AI management system — the AI-specific counterpart to 27001.
EU AI Act
Risk-based regulation of AI systems in the European Union.
GDPR
EU data protection — lawful basis, data minimisation, retention, right to erasure.
SOC 2
AICPA Trust Services Criteria — security, availability, confidentiality.
NIST AI RMF
NIST AI Risk Management Framework — Govern, Map, Measure, Manage.
SecNumCloud
ANSSI SecNumCloud — French sovereign cloud security baseline.
EU CRA
EU Cyber Resilience Act — security requirements for digital products.
AIUC-1
AI Use-Case attestations for enterprise AI procurement.
Shared responsibility
Scrydon is one component of your compliance posture, not the whole thing. The platform ships the technical controls; you still own the organisational controls around it.
Each framework page is honest about which controls Scrydon satisfies and which it merely supports, with links to the underlying Security controls and the evidence the platform produces automatically.
Vanta integration
Scrydon integrates with Vanta — every framework page lists which controls Vanta picks up automatically, and which require manual evidence collection.
Where to start
If you're preparing for an audit:
- Pick your framework above.
- Each page lists the controls and the Scrydon feature that satisfies each.
- Use AI governance for the AI-specific lifecycle artefacts auditors will ask for.
- Cross-reference Security for the underlying controls.