
HIPAA, CMMC 2.0, and a Learning Management System: Our Biggest Platform Update Yet

7-minute read | Published April 2026

After introducing the Saudi Aramco SACS-002 framework last week, we have rolled out one of the most substantial platform updates we have delivered so far.

Three major additions in a single release: full HIPAA compliance management, CMMC 2.0 readiness, and a learning management system that feeds directly into your ISMS evidence library.

HIPAA compliance management

This is a full ISMS module built specifically for HIPAA. It goes beyond a checklist.

The module covers safeguard controls across administrative, physical, and technical domains. It includes breach management with notification letter generation, PHI and Business Associate tracking, evidence management, gap analysis, internal audits, and training integration.

If you handle protected health information, this is designed to operate as a complete, working compliance programme rather than a static assessment.

HIPAA Compliance Management on RateYourCyber

Learning management system

54 training modules across 10 frameworks, spanning Foundation, Practitioner, and Advanced levels. The system includes a built-in content builder, assessments with automated scoring, certificate generation, and a passwordless employee portal.

Completed training feeds directly into your ISMS as evidence, removing manual tracking entirely. When an employee completes a module, the evidence is there. No screenshots, no spreadsheets, no chasing people for proof.

CMMC 2.0

Support for Level 1 and Level 2 practices, with NIST 800-171 mapping, SPRS score calculation, System Security Plans, and POA&M tracking. The module also includes domain-level readiness scoring so you can see exactly which areas need attention.

This is built for organisations working within the US defence supply chain that need a clear view of where they stand and what gaps remain before assessment.

CMMC 2.0 Readiness Dashboard on RateYourCyber

What the platform now covers

With this release, RateYourCyber now supports ISO 27001, SOC 2, GDPR, DORA, NIS2, NCA ECC, SACS-002, HIPAA, CMMC, ESG reporting, and NIST. All managed through a unified ISMS approach.

Less time stitching together tools and spreadsheets. Less duplication across frameworks. Clear, real-time visibility of your compliance position. And a faster path from thinking you are compliant to being able to prove it.

One platform, full visibility

Every framework shares the same evidence library, the same risk register, the same control mappings. Work done for one standard contributes to all the others where controls overlap. That is the point of a unified approach, and it is what makes this different from running five separate tools or paying for five separate audits.

If you are building or scaling a GRC programme, it is worth a look.

See the Full Platform

Explore HIPAA, CMMC 2.0, and the rest of the compliance landscape in one place.
