Compliance Frameworks
Framework-specific messaging, requirements, and sales enablement materials
Overview
Detailed documentation for each compliance framework SBK supports, including certification requirements, typical timelines, and persona-specific messaging.
Frameworks Covered
| Framework | Primary Industries | Typical Timeline |
|---|---|---|
| HIPAA | Healthcare, Dental, Mental Health | 3-6 months |
| SOC 2 | SaaS, Technology, Service Providers | 6-12 months |
| ISO 27001 | Enterprise, International | 9-18 months |
| NIST CSF | Government Contractors, Critical Infrastructure | 3-6 months |
| CMMC | Defense Contractors | 6-18 months |
| PCI DSS | E-commerce, Payment Processing | 3-9 months |
Document Structure
Each framework directory contains:
- overview.md — Framework summary and requirements
- messaging.md — Persona-specific talk tracks
- timeline.md — Typical certification path
- cost-factors.md — Investment drivers and ranges
- common-gaps.md — Frequently found deficiencies
Sales Enablement
Discovery Questions by Framework:
- HIPAA: "When was your last risk assessment?"
- SOC 2: "Do enterprise customers require SOC 2 before signing?"
- CMMC: "What's your timeline for DoD contract compliance?"