Compliance

SOC 2 Type II, HIPAA, PCI DSS compliance with automated evidence generation.

Certifications

Standard          Status      Plans
SOC 2 Type II     Certified   Pro and above
HIPAA             Compliant   Enterprise
PCI DSS Level 1   Compliant   Enterprise
GDPR              Compliant   All plans
ISO 27001         Certified   All plans

SOC 2 Type II

RaidFrame is SOC 2 Type II certified. This covers:

  • Security — access controls, encryption, vulnerability management
  • Availability — uptime SLAs, disaster recovery, monitoring
  • Confidentiality — data classification, encryption at rest, access logging

Evidence Generation

Auto-generate SOC 2 evidence packages for your own audits:

rf compliance report soc2 --period Q1-2026 --output soc2-evidence-q1.zip
Generating SOC 2 evidence package...

✓ Access control logs (1,247 entries)
✓ Encryption status (all services verified)
✓ Backup verification (90/90 successful)
✓ Change management (42 deployments, all approved)
✓ Incident history (0 incidents)
✓ Uptime records (99.97%)
✓ Vulnerability scan results (12 scans, 0 critical)

Saved: soc2-evidence-q1.zip (2.3 MB)

This package contains everything your auditor needs — access logs, encryption certificates, backup verification, deployment history, uptime records, and vulnerability scan results.

HIPAA

For healthcare applications handling Protected Health Information (PHI):

rf compliance enable hipaa
Enabling HIPAA compliance mode...

✓ BAA (Business Associate Agreement) generated
✓ PHI data classification enabled
✓ Enhanced audit logging activated
✓ Encryption verified (AES-256 at rest, TLS 1.3 in transit)
✓ Access controls set to minimum necessary
✓ Automatic log retention set to 6 years
✓ Backup encryption verified

HIPAA compliance mode is active.
Download your BAA: rf compliance baa download

HIPAA Features

  • Business Associate Agreement (BAA) — auto-generated and signed
  • PHI data tagging — mark database columns containing PHI
  • Enhanced audit trails — every PHI access is logged
  • Encryption enforcement — prevents disabling encryption
  • Minimum necessary access — restricts default permissions
  • 6-year log retention — meets HIPAA record-keeping requirements
  • Breach notification automation — detect and report potential breaches

PHI Data Tagging

databases:
  main:
    phi_columns:
      patients.name: true
      patients.ssn: true
      patients.dob: true
      patients.diagnosis: true
      visits.notes: true

Tagged columns trigger enhanced access logging and are automatically masked in database branches.
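As an added illustration of what "masked and logged" can mean for the phi_columns map above (example code, not RaidFrame's parser or masking engine): the mapping is read into a per-table set of tagged columns, a branch copy of constructed sample rows is produced with tagged values replaced, and each table holding tagged columns yields an audit entry. The config dict, sample rows and audit-log shape are all assumptions made for the example.

```python
# Constructed: the phi_columns mapping from the YAML above, as a Python dict
# (example code, not RaidFrame's parser or masking engine).
PHI_CONFIG = {"databases": {"main": {"phi_columns": {
    "patients.name": True, "patients.ssn": True, "patients.dob": True,
    "patients.diagnosis": True, "visits.notes": True}}}}


def phi_columns(config, database):
    """Return {table: {column, ...}} for every key tagged true in phi_columns."""
    tagged = {}
    for key, enabled in config["databases"][database].get("phi_columns", {}).items():
        table, dot, column = key.partition(".")
        if not (dot and table and column):
            raise ValueError(f"phi_columns key must be table.column, got {key!r}")
        if enabled:
            tagged.setdefault(table, set()).add(column)
    return tagged


def mask_row(row, columns, marker="***"):
    """Replace tagged non-null values with a fixed marker; other values pass through."""
    return {k: (marker if k in columns and v is not None else v) for k, v in row.items()}


def export_branch(config, database, tables, audit_log):
    """Copy tables ({name: [row dicts]}) into a branch view with PHI masked.
    Every table holding tagged columns gets an audit entry, so the export is itself
    recorded as a PHI access."""
    tagged = phi_columns(config, database)
    branch = {}
    for table, rows in tables.items():
        cols = tagged.get(table, set())
        branch[table] = [mask_row(r, cols) for r in rows]
        if cols:
            audit_log.append({"event": "phi_export", "table": table,
                              "columns": sorted(cols), "rows": len(rows)})
    return branch


if __name__ == "__main__":
    # Constructed sample rows; no real patient data.
    tables = {"patients": [{"id": 1, "name": "Jane Doe", "ssn": "000-00-0000",
                            "dob": "1980-01-01", "diagnosis": None, "zip": "12345"}],
              "visits": [{"id": 10, "patient_id": 1, "notes": "follow-up"}],
              "appointments": [{"id": 5, "patient_id": 1, "slot": "09:00"}]}
    log = []
    print(export_branch(PHI_CONFIG, "main", tables, log), log)
```

A malformed key such as `ssn` (no table prefix) is rejected rather than silently ignored, so a typo in the tagging config cannot quietly leave a column unmasked.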

PCI DSS

For applications handling payment card data:

rf compliance enable pci

  • Network segmentation — payment services isolated in dedicated network
  • Cardholder data encryption — enforced encryption for card data
  • Access logging — every access to payment services logged
  • Vulnerability management — continuous scanning with PCI-specific checks
  • Penetration testing — annual pen test reports available

GDPR

GDPR compliance features are available on all plans:

rf compliance gdpr status

  • Data export (rf compliance gdpr export user_id) — generate a user's complete data package
  • Data deletion (rf compliance gdpr delete user_id) — cascade delete across all services and databases
  • Data processing records — auto-generated Article 30 records
  • Consent tracking — log consent events with timestamps
  • Data residency — deploy to specific regions to keep data within EU

Right to Erasure

rf compliance gdpr delete --user-id u_123 --dry-run
DRY RUN — Data to be deleted for user u_123:
  Database: users (1 row)
  Database: orders (7 rows)
  Database: sessions (3 rows)
  Storage: avatars/u_123.jpg (1 file)
  Logs: 142 entries (anonymized, not deleted)
  Search: 1 document in users index

Execute with: rf compliance gdpr delete --user-id u_123

Compliance Dashboard

rf compliance status
COMPLIANCE STATUS
─────────────────
SOC 2 Type II:  ✓ Certified (last audit: 2026-01-15)
HIPAA:          ✓ Active (BAA signed: 2025-09-01)
PCI DSS:        ✗ Not enabled
GDPR:           ✓ Active
ISO 27001:      ✓ Certified

ISSUES (0 critical, 1 warning)
  ⚠ 2 team members have not enabled 2FA (HIPAA requirement)
    Run: rf security 2fa enforce