Compliance coverage

Five frameworks. One rule table. Evidence your auditor accepts.

WASViking® maps every finding category to specific controls across PCI DSS v4.0, LGPD, GDPR, BACEN 4893+4658, and ISO 27001:2022. The primary catalog adapts to your scan profile, so a Brazilian fintech sees BACEN first and a European retailer sees GDPR first.

A note on what compliance means here

Product capability is not company certification.

The product supports your team in meeting requirements across PCI DSS v4.0, LGPD, GDPR, BACEN 4893 & 4658, and ISO 27001:2022. Separately, WASViking LLC is working toward SOC 2 Type I and ISO 27001 Certification. We do not blur the two.

Framework | Scope | What WASViking gives the team
PCI DSS v4.0 | Cardholder data environment, AppSec, vulnerability management | Continuous DAST, SBOM, secrets, change-tracked findings with SLA, signed Evidence Bundle for QSA review
LGPD | Article 46 security measures, breach posture | Bilingual EN/PT-BR findings, asset inventory with drift, customer audit log, posture proof to data controllers
GDPR | Article 32 technical measures, processor accountability | Component inventory, vulnerability lifecycle with audit trail, evidence shareable to processors and DPOs
BACEN 4893 + 4658 | Brazilian financial cyber resolution | Scan profile primary catalog, BACEN-first compliance tab, signed evidence for regulator readiness
ISO 27001:2022 | Annex A.5-A.8 technical controls | RBAC, audit log, asset inventory, vulnerability and component management, supplier security evidence

How it lands in your auditor's binder

Per-control evidence, not a PDF dump.

Compliance mapping is rendered in both the PDF report and the portal Compliance tab from the same source of truth. The signed SBOM Evidence Bundle attaches directly to the binder. The AI prompt is aware of scan_profile, so commentary speaks the auditor's language.

Per-finding control mapping

Each finding category maps to specific controls. CWE on one axis, control IDs on the other. Filterable in the portal, exportable in CSV.

Customer-facing audit log

/portal/audit-log/, gated by the audit_logs.view capability. Public REST scope audit_logs:read. Mutations wired into UserAuditLog.

Posture Shares for auditors

Tokenized + password share, time-limited, revocable. Bilateral audit log on every access. The auditor sees only what you scope to them.

Company posture

WASViking LLC is working toward.

Transparency is part of how we sell. These are company-level postures, separate from what the product supports for you.

  • SOC 2 Type I (in progress)
  • ISO 27001 Certification (in progress)
  • DPA template available on request
  • Security questionnaire (CAIQ / SIG) on request
  • PCI scope reduction statement on request

Trust Center

Diligence, in one place.

Sub-processors, DPA, Privacy Policy, security questionnaire, SOC 2 roadmap, and PCI scope statement live on the Trust Center.

See WASViking® on your own stack.

Start a 14-day trial or talk to our team about an enterprise evaluation. No credit card required for the trial.