Features
Archiet analyses your blueprint against 7 compliance frameworks. Each report maps your architecture elements to framework controls and identifies gaps — with specific remediation steps, not generic advice.
How to generate a report
Security, availability, confidentiality, processing integrity, privacy. Used by B2B SaaS for enterprise sales.
Most-cited gaps: CC6 (access controls), CC7 (change management), CC8 (vendor risk)
Information security management system (ISMS). International standard recognised in EU, UK, APAC.
Most-cited gaps: A.8 (asset management), A.9 (access control), A.12 (operations security)
EU personal data protection. Required if you process personal data of EU residents, regardless of where you're based.
Most-cited gaps: Art. 25 (data protection by design), Art. 32 (security of processing)
US health data — required if you store, transmit, or process ePHI (electronic protected health information).
Most-cited gaps: Access control, audit controls, transmission security, contingency plan
Payment card data security. Required if you store, process, or transmit cardholder data.
Most-cited gaps: Req. 1–2 (network security), Req. 6 (vulnerability management), Req. 8 (authentication)
EU Digital Operational Resilience Act — applies to financial entities and their ICT service providers from Jan 2025.
Most-cited gaps: Art. 18 (ICT asset classification), Art. 19 (RTO/RPO), Art. 28 (third-party risk)
EU Network and Information Security directive. Expanded scope from NIS1 — applies to more sectors and SMEs.
Most-cited gaps: Art. 21 (security measures), Art. 23 (incident reporting within 24h)
Spain's implementation of EU GDPR with national derogations. Supervised by AEPD. Age of consent is 14 (vs EU standard of 16). Required for any processing of Spanish residents' data.
Most-cited gaps: Art. 5-6 (principios del tratamiento), Art. 25 (privacidad desde el diseño), LOPDGDD Art. 7 (consentimiento de menores)
Mexico's federal data protection law. Supervised by INAI. Introduces ARCO rights (Acceso, Rectificación, Cancelación, Oposición) with a 20-business-day response window. Requires Aviso de Privacidad.
Most-cited gaps: Art. 8-10 (consentimiento), Art. 11-16 (derechos ARCO), Art. 19-20 (aviso de privacidad y medidas de seguridad)
Argentina's data protection law. Supervised by AAIP. Argentina holds an EU adequacy decision, making it a common data destination for GDPR-compliant transfers. Applies to all automated personal data processing.
Most-cited gaps: Art. 4 (calidad de datos), Art. 9 (seguridad), Art. 14-19 (derechos del titular)
Note for auditors
Archiet's reports are gap analyses — they identify what controls your architecture satisfies and what's missing. They are not formal certifications. For SOC 2 or ISO 27001 certification, engage a licensed auditor after addressing the gaps Archiet identifies.