# Compliance

CybrHawk is committed to maintaining the highest standards of security, privacy, and compliance. Our compliance scope covers people, processes and technology — including our CybrHawk platform, supporting infrastructure, and 24x7 SOC operations.

## Global Standards and Certifications

CybrHawk is certified and compliant with the following internationally recognised standards:

* **ISO/IEC 27001** – Information Security Management System (ISMS) certification.
* **SOC 2** – Assurance of secure systems, availability, confidentiality, and integrity.
* **PCI DSS** – Compliance for environments processing or transmitting payment data.
* **GDPR (General Data Protection Regulation)** – Alignment with EU and UK privacy regulations for processing and safeguarding personal data.
* **HIPAA (Health Insurance Portability and Accountability Act)** – Support for customers in the healthcare sector requiring healthcare data privacy and security controls.

***

## Audit and Assurance Support

CybrHawk actively supports customers during internal and external audits by:

* Providing evidence and artefacts for ISO, IRAP, DISP, PCI DSS, SOC 2, HIPAA, and GDPR assessments.
* Coordinating with security officers to validate compliance requirements.

**Copies of certifications and supporting evidence can be provided to customers upon request, subject to NDA or contractual obligations.**

***

## Customer Responsibilities

While CybrHawk provides compliance-ready services, customers are responsible for:

* Keeping escalation contact lists up to date.
* Ensuring log sources and telemetry are enabled and accessible.
* Maintaining customer-side controls such as patching, access management, and backups.
* Participating in governance and compliance reviews to validate ongoing readiness.



