compliance-atoms

SOC2, HIPAA, ISO27001, PCI, GDPR mapped once with shared control families, evidence types, audit requirements, and cross-framework equivalence — ending the industry-wide redundancy of duplicate control mappings.

Control families, evidence types, audit requirements, and cross-framework equivalences defined once — ending the industry-wide redundancy of duplicate control mappings. Every compliance program in the ecosystem draws from this single catalog.

Catalog at v0.1.0

• 0 atoms across 0 types
• 0 compliance frameworks
• 0 compatibility rules

Atom types

• Seeding in progress — control-family, control, evidence-type, audit-requirement

Civilization-grade properties

• Typed — every atom, composition, and rule validates against a JSON Schema.
• Versioned — every atom has a semver version field; compositions pin by version.
• Machine-readable — /exports/catalog.json is the canonical manifest.
• Composable — compositions reference atoms by ID; references resolve in CI.
• Open — Apache-2.0 licensed.
• Durable — no external dependencies in the hot path.