Compliance & Regulatory Technology

Compliance-supporting software for SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, SOX, and more.

Wasatch Solutions builds the technology layer behind your compliance program — evidence, controls, reporting, documentation, approvals, audit trails, and regulated workflows.

Scope matters. We do not claim that every engagement touches every framework on this page. We map the technology to the specific obligations, controls, and evidence needs that matter for your environment — and we say so plainly when something is out of scope.

Important: Wasatch Solutions provides software engineering and technical implementation support — not legal advice, audits, or attestations. Engage qualified legal counsel and a licensed assessor / auditor for interpretation of regulations and formal certification.

Frameworks we build toward

The standards your auditors, customers, and regulators already ask about.

We don't issue certifications — we build the systems that make them achievable and repeatable. Each engagement maps technology decisions back to the specific controls your framework requires.

Security & trust attestations

  • SOC 2 (Type I & II)

    Evidence collection, control mapping, continuous monitoring tooling

  • ISO/IEC 27001 & 27701

    ISMS/PIMS workflows, Statement of Applicability tracking, audit prep

  • HITRUST CSF

    Control-by-control evidence systems for healthcare and regulated industries

Privacy & data protection

  • GDPR & UK GDPR

    RoPA, DSAR tooling, lawful-basis tracking, cross-border transfer logs

  • CCPA / CPRA

    Consumer rights workflows, opt-out signaling, vendor data inventories

  • HIPAA / HITECH

    PHI access controls, audit logs, breach reporting workflows, BAAs

  • FERPA & GLBA

    Education and financial-services data handling and disclosure controls

Industry & payments

  • PCI DSS 4.0

    Scope reduction, segmentation evidence, logging, and reporting pipelines

  • SOX ITGC

    Change management, access reviews, segregation of duties, evidence trails

  • FDA 21 CFR Part 11

    Validated systems, electronic signatures, audit trails for life sciences

Government & federal

  • FedRAMP (Moderate / High)

    Control implementation support, SSP evidence, continuous-monitoring tooling

  • CMMC 2.0

    CUI handling, boundary documentation, and assessment-evidence systems

  • NIST 800-53 & 800-171

    Control inheritance, POA&M tracking, and reporting dashboards

Secure software supply chain

  • NIST SSDF (SP 800-218)

    Secure SDLC tooling, build provenance, dependency and SBOM workflows

  • SLSA & SBOM (CycloneDX / SPDX)

    Artifact signing, attestation pipelines, vulnerability surfacing

  • NIST CSF 2.0

    Govern/Identify/Protect/Detect/Respond/Recover program tooling

AI governance

  • EU AI Act

    Risk classification, technical documentation, post-market monitoring systems

  • NIST AI RMF

    Model inventories, evaluation logs, dataset documentation, oversight workflows

  • ISO/IEC 42001

    AI management system tooling and documentation pipelines

What we build

Software that makes the right thing the easy thing.

Audit evidence and control workflows

Capture and structure the artifacts auditors actually ask for — automatically where possible, with clear ownership where not. Built to satisfy SOC 2, ISO 27001, and HITRUST evidence requests.

Regulatory reporting support

Aggregation, transformation, and presentation pipelines that turn operational data into the report formats your obligations require — SOX, GLBA, HIPAA breach reporting, GDPR records of processing, and more.

Data governance and traceability

Classification, lineage, retention, and access tracking that make data movement explainable and defensible under GDPR, CCPA, HIPAA, and FERPA.

Secure document and approval workflows

Versioned documents, multi-step approvals, attestations, and signed checkpoints with full audit trails — useful for SOX change management, ISO 27001 policy lifecycle, and FDA 21 CFR Part 11-style controls.

Internal compliance portals

Role-aware portals that show staff exactly the controls, tasks, and evidence they own — and what's overdue. Designed to mirror your control framework, not a generic GRC template.

Secure SDLC and NIST SSDF tooling

Build-pipeline controls, dependency tracking, SBOM generation, code provenance, and release attestations aligned with NIST SP 800-218 (SSDF) and SLSA expectations from federal and enterprise buyers.

AI governance and the EU AI Act

Model inventories, risk classification, evaluation logs, dataset documentation, and human-oversight workflows aligned with NIST AI RMF and EU AI Act obligations.

AI-assisted compliance review with human oversight

Use AI to surface anomalies, summarize documents, and pre-screen reviews — with reviewers always in the loop for decisions.

Compliance technology, designed and delivered.

From discovery and architecture through implementation and operation — let's scope a system that holds up to audit.
