Compliance Overview
How WNCYBER supports SOC 2, ISO 27001, HIPAA, GDPR, and other compliance frameworks through audit logging, access governance, and reporting.
WNCYBER’s audit logging, access governance, and reporting capabilities are designed to support the identity and access management requirements of major compliance frameworks.
Supported Frameworks
SOC 2 (Type I & Type II)
WNCYBER directly addresses multiple SOC 2 Common Criteria:
| Criteria | WNCYBER Capability |
|---|---|
| CC6.1 — Logical access | Identity governance, MFA enforcement, access certification |
| CC6.2 — User registration | Joiner/Mover/Leaver lifecycle automation |
| CC6.3 — Access removal | Automated deprovisioning, offboarding workflows |
| CC6.6 — Network access | Session brokering, privileged access control |
| CC7.2 — Security monitoring | Continuous behavioural monitoring, anomaly detection |
ISO 27001 (Annex A)
| Control | WNCYBER Capability |
|---|---|
| A.9.2 — User access management | Automated provisioning and deprovisioning |
| A.9.4 — System and application access | Policy-based access control, session brokering |
| A.9.2.5 — Review of user access rights | Automated access certification campaigns |
| A.12.4 — Logging and monitoring | Immutable audit log, SIEM integration |
HIPAA
For healthcare organisations, WNCYBER supports HIPAA Technical Safeguards:
- Unique user identification — every user has a unique identity; no shared credentials
- Emergency access procedure — break-glass access with full audit trail
- Automatic logoff — configurable session timeout for privileged sessions
- Audit controls — full activity audit for access to ePHI systems
- Person or entity authentication — MFA enforcement and contextual access policies
GDPR
WNCYBER supports GDPR compliance for identity data:
- Data subject access requests — export all identity data for a specific user
- Right to erasure — remove WNCYBER-held identity data on request
- Data minimisation — discover and flag access rights that are disproportionate to their legitimate purpose
- Audit trail — complete record of all access to personal data systems
Audit Logging
What Is Logged
WNCYBER logs every identity event, including:
- Authentication events (success, failure, MFA outcome)
- Access grants and denials (with policy evaluation detail)
- Credential issuance and revocation
- Policy changes (who changed what, when)
- Administrative actions (configuration changes, user management)
- Session events (start, activity, termination)
Logs are tamper-resistant and retained according to your configured retention policy (default: 1 year).
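To make concrete what "tamper-resistant" means for an exported audit trail, here is an added example (not WNCYBER's own code; the event field names and the hash-chain layout are assumptions for illustration) that links audit events into a SHA-256 hash chain and lets an auditor verify an exported log. Any edited, reordered or deleted entry breaks the chain from that point on, and the verifier reports the index of the first bad entry.

```python
"""Tamper-evident audit log as a hash chain (added example, not WNCYBER's implementation)."""
import copy
import hashlib
import json

# Constructed sample events covering the event classes the page lists
# (authentication, access grant, policy change, session). Field names are assumed.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T08:00:00Z", "type": "auth", "user": "alice",
     "outcome": "success", "mfa": "passed"},
    {"ts": "2024-05-01T08:05:12Z", "type": "access_grant", "user": "alice",
     "resource": "ephi-db", "policy": "clinician-read"},
    {"ts": "2024-05-01T09:10:00Z", "type": "policy_change", "actor": "admin1",
     "policy": "clinician-read", "change": "added resource ephi-db"},
    {"ts": "2024-05-01T17:00:00Z", "type": "session_end", "user": "alice",
     "session": "s-1"},
]

GENESIS = "0" * 64  # chain anchor for the first entry


def canonical(event: dict) -> bytes:
    # Sorted keys and no whitespace so the same event always serialises identically.
    return json.dumps(event, sort_keys=True, separators=(",", ":")).encode()


def entry_hash(prev: str, event: dict) -> str:
    # Each entry commits to the previous entry's hash and its own content.
    return hashlib.sha256(prev.encode() + canonical(event)).hexdigest()


def append_event(chain: list, event: dict) -> dict:
    prev = chain[-1]["hash"] if chain else GENESIS
    entry = {"event": event, "prev": prev, "hash": entry_hash(prev, event)}
    chain.append(entry)
    return entry


def build_chain(events) -> list:
    chain = []
    for e in events:
        append_event(chain, e)
    return chain


def verify_chain(chain: list):
    """Return (True, None) if intact, else (False, index of first broken entry)."""
    prev = GENESIS
    for i, entry in enumerate(chain):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["event"]):
            return False, i
        prev = entry["hash"]
    return True, None


def tampered_copy(chain: list, index: int, field: str, value) -> list:
    # Helper for the demonstration: edit one event in a copy without re-hashing.
    bad = copy.deepcopy(chain)
    bad[index]["event"][field] = value
    return bad


if __name__ == "__main__":
    chain = build_chain(SAMPLE_EVENTS)
    print("intact:", verify_chain(chain))
    print("edited entry 1:", verify_chain(tampered_copy(chain, 1, "resource", "other-db")))
    deleted = copy.deepcopy(chain)
    del deleted[2]
    print("deleted entry 2:", verify_chain(deleted))
```

A chain like this only proves integrity relative to its head hash, so the head (or a periodic checkpoint) still has to be recorded somewhere the log writer cannot rewrite, for example in the SIEM the log is streamed to; that is the reason the real-time export below matters for evidence, not just for monitoring.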
Log Export
Export logs to your SIEM or compliance system:
- Real-time streaming — via webhook to Splunk, Datadog, Microsoft Sentinel, or any webhook-compatible SIEM
- Bulk export — export to S3, Azure Blob, or GCS on a scheduled basis
- API access — query logs programmatically via the WNCYBER Audit API
Navigate to Settings → Audit Log → Export Configuration to set up exports.
Compliance Reports
WNCYBER includes pre-built compliance reports accessible from Reports → Compliance:
- Access certification summary — completion rates, outstanding reviews, remediation actions taken
- Privileged access report — who has privileged access, session activity, and anomalies
- Dormant account report — accounts inactive beyond the configured threshold
- Separation of duties report — identities with potentially conflicting role combinations
- Password policy compliance — accounts not meeting password requirements
Reports can be exported as PDF or CSV and scheduled for automatic delivery to stakeholders.
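The dormant account and separation of duties reports above are the two that an auditor most often asks to see reproduced from raw data. The following added example (not WNCYBER code; the identity inventory, its field names and the conflicting-role rules are all constructed for illustration) shows the logic behind both reports and writes the result as CSV, so a reviewer can cross-check a vendor report against an independent computation from an exported identity list.

```python
"""Dormant-account and separation-of-duties checks over an identity inventory.

Added example, not WNCYBER's implementation; data and rules are constructed.
"""
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed identity inventory (field names are assumptions for this example).
IDENTITIES = [
    {"user": "alice", "roles": {"ap_clerk"}, "last_login": "2024-04-28T10:00:00Z", "privileged": False},
    {"user": "bob", "roles": {"ap_clerk", "ap_approver"}, "last_login": "2024-04-30T10:00:00Z", "privileged": False},
    {"user": "carol", "roles": {"dba"}, "last_login": "2024-01-15T10:00:00Z", "privileged": True},
    {"user": "svc-backup", "roles": {"backup_operator"}, "last_login": None, "privileged": True},
]

# Constructed toxic role combinations; holding every role in a pair is a conflict.
SOD_RULES = [
    ({"ap_clerk", "ap_approver"}, "can create and approve the same payment"),
    ({"dba", "auditor"}, "can alter data and the evidence of the change"),
]

AS_OF = datetime(2024, 5, 1, tzinfo=timezone.utc)


def parse_ts(value):
    # Accept the trailing-Z form used in the sample data; None means "never logged in".
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None


def dormant_accounts(identities, threshold_days=90, as_of=AS_OF):
    """Accounts with no login inside the threshold; never-used accounts count as dormant."""
    cutoff = as_of - timedelta(days=threshold_days)
    rows = []
    for ident in identities:
        last = parse_ts(ident["last_login"])
        if last is None or last < cutoff:
            rows.append({
                "user": ident["user"],
                "last_login": ident["last_login"] or "never",
                "privileged": ident["privileged"],
            })
    # Privileged dormant accounts first: they carry the most risk if left enabled.
    return sorted(rows, key=lambda r: (not r["privileged"], r["user"]))


def sod_conflicts(identities, rules=SOD_RULES):
    """Identities holding every role of a conflicting pair."""
    rows = []
    for ident in identities:
        for pair, reason in rules:
            if pair <= ident["roles"]:
                rows.append({"user": ident["user"], "roles": "+".join(sorted(pair)), "reason": reason})
    return rows


def to_csv(rows, fieldnames):
    # Same columns for every row so the output can be diffed against a vendor export.
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=fieldnames, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(to_csv(dormant_accounts(IDENTITIES), ["user", "last_login", "privileged"]))
    print(to_csv(sod_conflicts(IDENTITIES), ["user", "roles", "reason"]))
```

Two design points carry over to reading the real reports: an account that has never logged in should appear as dormant rather than being silently skipped, and a separation-of-duties rule should be evaluated against the full effective role set, since a conflict is a property of the combination, not of either role alone.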