Kaamel offers Drata customers free one-month consultations to help build up your compliance baseline, jumpstart your compliance journey.Learn More

Don't see the framework your buyer wants? We likely do it

Beyond our six flagship frameworks, we deliver the ones below in the same managed model. Controls overlap heavily — the second framework always costs less than the first.

Kaamel's control framework maps each standard's requirements onto one shared control set: organize the evidence once and several frameworks benefit at the same time. If yours isn't listed, just ask.

Automation built on Vanta and Drata · Trusted by nearly 100 companies going global

Also in scope

PCI DSS

Table stakes for card data. SAQ self-assessment or a full ROC audit, scoped to your transaction volume.

SOC 1

The attestation for financial-reporting controls, often required when serving public companies or their supply chains.

SOC 3

The public summary of SOC 2 — postable on your website, no NDA required.

ISO 42001

The international AI management system standard; the next certificate for AI companies, closely aligned with the EU AI Act.

ISO 27017 / 27018

Cloud security and cloud privacy extensions built on 27001 — a differentiator for cloud providers.

ISO 22301

Business continuity management, appearing in enterprise due diligence more and more often.

NIST CSF / 800-171

The reference baseline for US enterprise and government supply chains, and a frequent questionnaire anchor.

CMMC

The entry requirement for the US defense supply chain.

FedRAMP / StateRAMP

The authorization path for selling cloud services to US government — long cycles, plan early.

TISAX

Automotive information security assessment; the pass into European OEM supply chains.

CSA STAR

The Cloud Security Alliance trust registry, based on the CCM matrix and synergistic with ISO 27001.

HITRUST

The comprehensive certification for US healthcare, plannable alongside HIPAA and SOC 2.

Why adding a framework costs less than you think

Controls are built once

Access control, logging, change management — the core controls overlap heavily across frameworks. We organize the overlap once; each new framework adds only its increment.

Evidence reuses automatically

Vanta and Drata map evidence across frameworks natively, so one piece of evidence satisfies several standards at once.

We sequence it for you

Order follows your pipeline: whichever certificate a customer is waiting on comes first, and later frameworks ride on what's already built.

Framework not on the list?

Tell us what your buyer is asking for. We'll assess how much of your existing controls carry over and quote the increment and timeline.