Your Compliance Risk Score — Choose Your Framework
Pick your regulatory framework below. Get an instant readiness score, your top control gaps, and penalty exposure summary.
Used by compliance officers, legal teams, and operations leaders across regulated industries
1. Pick your framework
2. Answer 3–4 questions
3. Get your score + action items
Which Framework Applies to You?
Select the regulatory framework your organization needs to comply with. Not sure? Start with the one that carries the highest penalties for your industry.
HIPAA
Health Insurance Portability & Accountability Act
Applies to healthcare providers, health plans, clearinghouses, and their business associates. Governs protected health information (PHI) privacy, security, and breach notification.
Healthcare · Health IT · Business Associates
Penalties up to $2.13M per violation category/year
SOX
Applies to SEC-registered public companies and their subsidiaries. Requires CEO/CFO certifications (Sec. 302), internal controls assessments (Sec. 404), and criminal certifications (Sec. 906).
OSHA
Applies to virtually all US employers with workers. Covers workplace safety standards, injury/illness recordkeeping (OSHA 300), Hazard Communication, and industry-specific standards for construction, manufacturing, and healthcare.
GDPR
Applies to any organization that processes personal data of EU residents, including US companies with EU customers, users, or employees. Covers consent, data subject rights, breach notification, and DPA requirements.
PCI-DSS
Applies to all merchants and service providers that store, process, or transmit cardholder data. PCI DSS 4.0 is now the required standard (March 2024). Non-compliance can result in card acceptance being revoked.
SEC/FINRA
Applies to broker-dealers, investment advisers, public companies, and financial technology firms. Key rules include Regulation S-P cybersecurity (amended 2024), Reg BI, Form ADV, and cybersecurity incident disclosure (Form 8-K).
Broker-Dealers · Investment Advisers · FinTech
Tier III civil penalties $215,000+ per violation
1. Choose your industry, entity type, and key risk factors. Framework-specific questions, not generic checkbox lists.
2. Instant risk scoring: our scoring engine calculates your readiness risk score (0–100) against a framework-specific control library. All computed in-browser; no data leaves your device.
3. Act on your results: get prioritized control gaps, upcoming deadlines, and penalty exposure. Save your results to email, PDF, or your dashboard.
6 Regulatory Frameworks
60s Average Time to Results
$0 Cost, Always Free
0 Signups Required
Stay Ahead of Enforcement
Weekly compliance intelligence — enforcement actions, regulatory changes, and penalty updates across all six frameworks. Trusted by compliance officers at 200+ organizations.
No spam. Unsubscribe anytime. Your email stays private.
Frequently Asked Questions
Which compliance frameworks apply to my organization?
Your applicable frameworks depend on your industry and data types. HIPAA applies to healthcare providers, health plans, and their business associates. SOX applies to publicly traded companies and subsidiaries. OSHA applies to virtually all US employers. GDPR applies to any organization handling EU residents' data. PCI-DSS applies to any business accepting card payments. SEC/FINRA applies to broker-dealers, investment advisers, and public companies. Many businesses are subject to multiple frameworks simultaneously.
Why do I need a compliance risk assessment?
A compliance risk assessment systematically identifies gaps between your current practices and regulatory requirements. It quantifies your penalty exposure and prioritizes remediation actions. Regulators, including OCR (HIPAA), SEC (SOX), OSHA, and the payment card brands, all require or strongly recommend regular risk assessments as part of a documented compliance program. An undocumented risk assessment is itself a compliance finding in most frameworks.
How accurate are the risk scores?
Compliance Pulse scores are calibrated against publicly available enforcement data, regulatory guidance, and audit finding patterns. They are designed to surface your most critical gaps and provide directional accuracy, not to certify compliance or replace a formal compliance assessment. A higher score (0–100) indicates greater risk exposure. Always review results with qualified legal or compliance counsel. See our AI Disclaimer for full scope limitations.
What penalties do these frameworks carry?
Penalties vary by framework. HIPAA: up to $2.13M per violation category per year (45 CFR §160.404). SOX: civil penalties up to $5M; criminal penalties up to $5M plus 20 years. OSHA: serious violations up to $16,550 per citation; willful/repeated up to $165,514 per citation. GDPR: up to €20M or 4% of global annual turnover. PCI-DSS: $5K–$100K per month per payment brand until compliant. SEC: Tier III civil penalties $215,000+ per violation (2024 adjusted).
Do I need an account to run an assessment?
No. All framework assessments are free and require no account. Results are generated instantly in your browser; no data is transmitted unless you choose to email or save your results. Creating a free account lets you track your score history and access saved results.
Can I run assessments for more than one framework?
Yes. Each framework assessment is independent. If your organization is subject to multiple frameworks, for example a publicly traded healthcare company subject to both SOX and HIPAA, run each assessment separately to get a complete picture of your cross-framework risk exposure. The Compliance Readiness Quiz also covers all frameworks in a single 20-question diagnostic.