Compliance Checklist

What to look for in infrastructure vendors when you have HIPAA, FERPA, CJIS, NERC-CIP, SOC 2, or PCI-DSS obligations.

Compliance review

Vendor Evaluation

Specific questions to ask every infrastructure vendor during evaluation.

Framework-Aware

Coverage for HIPAA, FERPA, CJIS, NERC-CIP, PCI-DSS, and SOC 2.

Battle-Tested

The actual questions our engineers ask on assessments — not generic bullet points.

What the checklist covers

Access Controls

RBAC, MFA, privileged access, and audit-trail expectations.

Encryption

At-rest, in-transit, and in-use encryption with key management.

Segmentation & Isolation

Network segmentation and tenant isolation for regulated workloads.

Logging & Retention

Audit log structure, retention, and tamper-evident storage.

BAAs and Agreements

Business Associate Agreement coverage and subprocessor disclosure.

Incident Response

Breach-notification timelines and IR runbook availability.

Ready for a compliance review?

Schedule a review with a solutions architect.
