Frameworks
The compliance frameworks SMBs actually pursue.
Plain-English guides to SOC 2, CMMC, HIPAA, ISO 27001, and PCI-DSS. What it covers, how long it takes, what it costs, and how Scarlet Risk cuts the path.
SOC 2
The trust report enterprise buyers ask for before they sign.
SaaS vendors, MSPs, and any B2B company that stores customer data — especially when selling to mid-market or enterprise.
CMMC
The DoD's cybersecurity gate. Miss the deadline, lose the contract.
Any organization in the DoD supply chain — prime contractors and every subcontractor handling FCI or CUI.
HIPAA
The baseline for anyone touching Protected Health Information.
Covered entities (providers, health plans, clearinghouses) and their business associates — including SaaS vendors handling PHI.
ISO 27001
The international standard for information security management.
Companies selling globally — especially in Europe, the UK, and APAC — or working with enterprises that mandate ISO certification.
PCI-DSS
The floor for anyone handling cardholder data.
Merchants, service providers, and SaaS platforms that store, process, or transmit cardholder data.
