Free compliance resources
Everything we've learned about SOC 2, HIPAA, ISO 27001, PCI DSS, and GDPR — for free. No signup required. We make our money from the platform; the knowledge is on us.
In-depth Guides
Long-form walkthroughs of frameworks, controls, and audit prep — written for engineers who actually do the work.
Tool ↔ Framework Compatibility
"Is X SOC 2 compliant?" answered for AWS, Azure, GCP, GitHub, Okta, Salesforce, Zoom, and 40+ more tools.
Readiness Tools
Interactive quizzes that score your SOC 2, HIPAA, and GDPR readiness in 5 minutes. No signup.
Pre-Audit Checklists
Step-by-step checklists per framework so you know exactly what to have ready before an auditor arrives.
Compliance Glossary
Plain-English definitions of SOC 2 TSC, NIST controls, HIPAA Security Rule subparts, and more.
Compliance News
Daily-curated news on SOC 2, ISO 27001, HIPAA, GDPR, PCI DSS — fines, breaches, regulatory changes.
Featured guides
A few of our most-read deep-dives.
NIST 800-53 Control Families
NIST Special Publication 800-53 Revision 5 is the most comprehensive catalog of security and privacy controls published by the U.S. government. It contains over 1,000 controls organized into 20 families, serving as the foundation for federal information system security (required by FISMA) and the control baseline for FedRAMP cloud authorizations. Private sector organizations increasingly adopt NIST 800-53 as a rigorous alternative to less prescriptive frameworks. This guide provides an overview of all 20 control families with practical implementation guidance.
PCI DSS Merchant Levels Explained (2026)
PCI DSS compliance validation requirements vary based on your merchant level, which is determined primarily by the volume of payment card transactions your organization processes annually. Understanding your merchant level is the first step in determining your compliance obligations, including whether you need a full on-site assessment by a Qualified Security Assessor or can self-validate using a Self-Assessment Questionnaire. This guide explains the four merchant levels, how they are determined, and the specific validation requirements for each.
Ready to skip the manual work?
PoliWriter automates everything our guides describe — policy generation, integrations, continuous monitoring, evidence collection. From $199/month.