HIPAA, PCI-DSS, SOC 2, and GDPR overlays now emit the auditor-ready artifact pack as files in your generated bundle — not as a sidebar report. Toggle the regime in your blueprint and the artifacts arrive next to your code.
compliance/hipaa/
compliance/pci_dss/
compliance/soc2/
compliance/gdpr/
Artifacts are deterministic and re-emit on every regeneration. The companion code generators (audit log infrastructure, multi-region IaC, OAuth chain, payment orchestration with PCI scope minimization) ship as actual code in the same bundle.
Every framework is derived from the same blueprint — change your architecture and all 7 compliance reports update automatically.
Auto-map all 10 Trust Service Categories (Security, Availability, Processing Integrity, Confidentiality, Privacy) to your ArchiMate elements. Generate control narratives with evidence links ready for your auditor.
The generated report is a self-assessment — you still need a licensed CPA firm for official certification. Archiet dramatically reduces the prep time and consulting cost.
Map your architecture to ISO 27001:2022 control domains. Archiet identifies which controls are covered by your existing elements, which have gaps, and generates a Statement of Applicability draft.
Core control mapping for ISO 27001:2022 across the Organizational, People, Physical, and Technological themes. Gap analysis with remediation guidance for each mapped control.
Map your data architecture to GDPR Articles 25 (privacy by design), 32 (security of processing), and 35 (DPIA). Archiet identifies personal data flows and storage locations from your blueprint elements.
Supports DPA submissions in the EU and UK. Not a legal opinion — consult a DPO for formal compliance.
For healthcare teams, Archiet maps your architecture to HIPAA Security Rule safeguards. Identify Protected Health Information (PHI) data flows, storage locations, and access control gaps across your technology and data layers.
Required for any system handling Protected Health Information in the United States. Works alongside GDPR for EU patient data. Note: Archiet generates a readiness assessment — formal certification requires a qualified assessor.
For teams processing or storing payment card data, Archiet maps your architecture to PCI-DSS v4.0 requirements. Identify cardholder data environment scope, network segmentation gaps, and encryption coverage.
Required for any system storing, processing, or transmitting payment card data. Particularly useful for teams integrating with payment processors to understand residual PCI scope.
For financial entities operating in the EU, Archiet maps your architecture to DORA's five pillars of digital operational resilience. Identify ICT risk management gaps, third-party dependency exposure, and incident response coverage from your blueprint.
Mandatory for banks, insurers, investment firms, and their critical ICT providers operating in the EU from January 2025. Archiet generates a readiness assessment against Articles 6, 8, 18, 19, 25, and 28.
For organisations in essential and important sectors across the EU, Archiet maps your architecture to NIS2 cybersecurity risk management obligations. Identify supply chain risk exposure, access control gaps, and incident reporting readiness from your blueprint.
Applies to medium and large organisations in essential sectors (energy, transport, health, digital infrastructure) and important sectors (postal, waste, chemicals, food, manufacturing). Member state transposition deadlines have passed — compliance is required now.
No spreadsheets. No consultants mapping controls by hand. Architecture first, compliance as a byproduct.
Use the AI wizard to describe your architecture in plain English. Archiet builds a structured ArchiMate blueprint with elements, relationships, and layer assignments.
Choose which compliance frameworks apply to your system. Archiet maps your architecture elements to the relevant controls, domains, or service categories automatically.
Get control narratives, evidence links, gap analysis, and a Statement of Applicability — all derived from your architecture. Update your architecture and the reports regenerate.