Frameworks
Any standard. Any regulation. Processed and connected.
Porticus has processed hundreds of compliance frameworks, regulations, and certification schemes across every domain. Every control, test, and policy is cross-linked across programmes - so satisfying one requirement compounds value across your entire compliance portfolio.
We don't maintain a static list. Our AI reads any standard and builds connected programmes.
Traditional compliance tools maintain a fixed library. When a new standard emerges, you wait.
Porticus is different: our AI engine processes the actual text of any standard, regulation, or certification scheme; extracting requirements, structuring controls and tests, writing policies, and cross-linking everything to your existing programmes.
If your standard isn't in our system yet, we add it before you go live.
1. Processing
Our AI reads the source standard, extracts every requirement, and structures it into controls, tests, and policies.
2. Cross-Linking
Every element is mapped against all other programmes in your system. Shared controls, parallel tests, equivalent policies - all identified.
3. Programme Generation
A complete, connected compliance programme is generated. Customised to your business context and linked to everything else you manage.
4. Continuous Maintenance
When the standard is updated, your programme updates. Cross-programme relationships are recalculated. Nothing falls behind.
Explore frameworks by domain.
Cybersecurity & Information Security
- • ISO 27001 (Global)
- • SOC 2 (US/Global)
- • PCI DSS (Global)
- • NIST CSF (Global)
- • Cyber Essentials (UK)
- • ENISA (EU)
- • CMMC (US)
- • National frameworks (Global)
Workplace Safety & Health
- • Health and Safety at Work Act 2015 / WorkSafe NZ (NZ)
- • Work Health and Safety Act 2011 / Safe Work Australia (AU)
- • ISO 45001 (Global)
- • EU OSH Directives
- • OSHA (US)
- • Bloodborne Pathogens (Global)
- • Ergonomics (Global)
- • Emergency action plans (Global)
Environmental
- • Resource Management Act 1991 / EPA NZ (NZ)
- • Protection of the Environment Operations Act (AU)
- • ISO 14001 (Global)
- • EU REACH
- • PFAS (Global)
- • EPA / CAA / RCRA (US)
- • Extended Producer Responsibility (Global)
- • Local environmental laws (Global)
Food Safety
- • Food Act 2014 / MPI (NZ)
- • FSANZ Food Standards Code (AU/NZ)
- • HACCP (Global)
- • ISO 22000 (Global)
- • FSSC 22000 (Global)
- • BRC Food (UK/EU/Global)
- • SQF (Global)
- • IFS (EU)
- • FDA FSMA (US)
- • Allergen management (Global)
- • Labelling compliance (Global)
- • Facility sanitation standards
Quality Management
- • ISO 9001 (Global)
- • GMP (Global)
- • ISO 13485 (Medical Devices)
- • IATF 16949 (Automotive)
- • AS9100 (Aerospace)
- • Customer audits
- • Proprietary audits
- • Supply chain due diligence
Employment & Labour Law
- • Employment Relations Act 2000 / Holidays Act (NZ)
- • Fair Work Act 2009 (AU)
- • EU labour laws
- • Multi-country employment (Global)
- • Pay equity & transparency (Global)
- • AI hiring regulations (Global)
- • Leave entitlements (Global)
- • Background checks
- • Credentialing
- • FLSA (US)
Privacy & Data Protection
- • Privacy Act 2020 (NZ)
- • Australian Privacy Act 1988 (AU)
- • GDPR (EU)
- • National privacy laws (Global)
- • CCPA/CPRA (US)
- • HIPAA Privacy (US)
- • Data Processing Agreements (Global)
Healthcare & Medical
- • Health and Disability Services Standards (NZ)
- • Medicines Act 1981 (NZ)
- • Privacy Act 2020 (NZ)
- • Ahpra / professional registration (AU)
- • National accreditation standards (AU/NZ)
- • ISO 15189 (EU/Global)
- • HIPAA (US)
- • Joint Commission (US)
- • Controlled substances laws (Global)
Professional Services & Education
- • Professional body standards (NZ/AU/Global)
- • CPD / CE tracking (Global)
- • National licensing (Global)
- • Client confidentiality (Global)
- • Ethics standards (Global)
- • Liability standards (Global)
Construction & Project-Specific
- • HSWA / WorkSafe NZ (NZ)
- • Site-Specific Safety Plan (SSSP) (NZ)
- • Building Act 2004 (NZ)
- • Work Health and Safety Regulations (AU)
- • Owner & general contractor requirements
- • JHA / JSA (Global)
- • ISO 45001 (Global)
- • Building codes (Global)
- • Multi-jurisdiction labour law (Global)
Organic, GAP & Export Standards
- • BioGro Organic Certification (NZ)
- • ACO - Australian Certified Organic (AU)
- • MPI Export Health Certificates (NZ)
- • AQIS / DAFF Export Requirements (AU)
- • GlobalG.A.P. (Global)
- • Freshcare (AU)
- • EU Organic Regulation 848/2018 (EU)
- • USDA National Organic Program (US)
- • GRASP (Global)
- • EUDR Deforestation Due Diligence (EU)
- • Phytosanitary certificates (Global)
Social, Ethical & Industry-Specific
- • SEDEX / SMETA (Global)
- • SA8000 (Global)
- • Rainforest Alliance / UTZ (Global)
- • Fairtrade (Global)
- • Modern Slavery Act (AU/UK)
- • EU Corporate Sustainability Due Diligence (CS3D)
- • Customer-specific proprietary audits
- • Internal house standards & group policies
- • Board-mandated compliance frameworks
Technology & Industry-Specific
- • Security questionnaires
- • Data Processing Agreements (DPAs)
- • Custom audit requirements
- • PCI DSS (fintech, Global)
- • HIPAA (healthtech, US)
- • National/sectoral frameworks (Global)
Every connection reduces your work.
Porticus maps relationships between standards across every domain. When you satisfy a control in one programme, that satisfaction flows to every other programme that shares it. Adding each new programme costs less than the last.
- • WorkSafe NZ chemical handling ↔ RMA hazardous substances ↔ ISO 14001 - one protocol satisfies all three
- • ISO 27001 access controls ↔ SOC 2 ↔ Privacy Act 2020 (NZ) - shared controls, one set of evidence
- • ISO 9001 management review ↔ ISO 14001 ↔ ISO 45001 ↔ ISO 27001 - shared structure, shared effort
- • HACCP prerequisites ↔ WorkSafe NZ safety ↔ food premises inspection - one training set, three requirements met
- • GlobalG.A.P. traceability ↔ BioGro organic chain-of-custody ↔ MPI export health ↔ EUDR - one record satisfies four markets
%20--%3e%3cg%3e%3ccircle%20cx='800'%20cy='450'%20r='80'%20fill='%230D9488'%20fill-opacity='0.16'%20class='outline'/%3e%3c!--%20Surrounding%20nodes%20--%3e%3cg%20opacity='0.95'%3e%3ccircle%20cx='520'%20cy='320'%20r='34'%20fill='%233B82F6'%20fill-opacity='0.12'%20class='soft'/%3e%3ccircle%20cx='600'%20cy='610'%20r='34'%20fill='%23F59E0B'%20fill-opacity='0.12'%20class='soft'/%3e%3ccircle%20cx='1080'%20cy='330'%20r='34'%20fill='%2316A34A'%20fill-opacity='0.12'%20class='soft'/%3e%3ccircle%20cx='1120'%20cy='600'%20r='34'%20fill='%237C3AED'%20fill-opacity='0.10'%20class='soft'/%3e%3ccircle%20cx='430'%20cy='520'%20r='28'%20fill='%23D6D0C5'%20fill-opacity='0.35'%20class='soft'/%3e%3ccircle%20cx='1180'%20cy='470'%20r='28'%20fill='%23D6D0C5'%20fill-opacity='0.35'%20class='soft'/%3e%3c!--%20Selected%20nodes%20emphasized%20--%3e%3ccircle%20cx='680'%20cy='300'%20r='30'%20fill='%230D9488'%20fill-opacity='0.12'%20class='outline'/%3e%3ccircle%20cx='940'%20cy='520'%20r='30'%20fill='%230D9488'%20fill-opacity='0.12'%20class='outline'/%3e%3c/g%3e%3c!--%20Connections%20--%3e%3cg%20opacity='0.8'%3e%3cpath%20d='M554%20332L730%20402'%20class='soft'/%3e%3cpath%20d='M634%20600L742%20520'%20class='soft'/%3e%3cpath%20d='M1048%20342L870%20402'%20class='soft'/%3e%3cpath%20d='M1090%20588L904%20510'%20class='soft'/%3e%3cpath%20d='M458%20512L720%20450'%20class='soft'%20opacity='0.6'/%3e%3cpath%20d='M1152%20476L900%20460'%20class='soft'%20opacity='0.6'/%3e%3cpath%20d='M700%20315L770%20395'%20class='accent'%20opacity='0.75'/%3e%3cpath%20d='M915%20515L855%20495'%20class='accent'%20opacity='0.55'/%3e%3c/g%3e%3c!--%20Subtle%20halos%20to%20imply%20clusters%20--%3e%3ccircle%20cx='560'%20cy='420'%20r='240'%20fill='%233B82F6'%20fill-opacity='0.04'/%3e%3ccircle%20cx='1040'%20cy='500'%20r='260'%20fill='%2316A34A'%20fill-opacity='0.035'/%3e%3c/g%3e%3c/svg%3e)
Don't see your standard? We'll add it. Fast.
Because Porticus processes the text of any standard rather than maintaining a static list, adding a new framework is a matter of days, not months. Upload your standard, regulation, customer contract, or internal policy and our AI processes it - extracting requirements, generating controls and tests, writing policies, and cross-linking it to everything else in your system. If you sign up and your framework isn't there yet, we'll add it before you go live.