Compliance
Scan evidence by framework
Scorifya scans don't replace your audit, but they automate the public-posture checks that come up in every framework: TLS configuration, secure headers, redirect chains, and email authentication. Each page below maps Scorifya's findings to specific control numbers in the framework, so scan output can serve as repeatable evidence during audit prep.
PCI DSS 4.0
PCI DSS website security checklist — what Scorifya covers
Map PCI DSS 4.0 web-facing requirements (TLS 1.2+, secure headers, vulnerability mitigation) to Scorifya's automated scan checks — what's covered and what still needs an internal review.
HIPAA Security Rule
HIPAA website security checklist — what Scorifya helps with
How Scorifya's automated scan supports HIPAA Security Rule technical safeguards for public-facing web properties handling ePHI: encryption in transit, access controls, audit signals.
SOC 2 (TSC 2017)
SOC 2 website security checklist — Trust Services Criteria mapping
How Scorifya's automated scan produces evidence for SOC 2 Trust Services Criteria around security, availability, and confidentiality of public web properties.
ISO/IEC 27001:2022
ISO 27001 website security checklist — Annex A control mapping
How Scorifya's automated scan supports ISO/IEC 27001:2022 Annex A controls for public-facing web infrastructure: cryptography, application security, vulnerability management.