Frameworks and our posture against each.
GuardKin is built for firms whose compliance review is rigorous. Each framework below is named with our actual status — not aspirational language.
SOC 2 Type II
Status: In preparation — targeted Q4 2026
We are actively preparing for our SOC 2 Type II audit, on track for completion in the next 4–6 months. Trust Service Criteria in scope: Security, Availability, Confidentiality, Processing Integrity. Type II evidences that controls operated effectively across an observation window — not just on a single day. We do not yet hold a report and make no claim of certification until one is issued.
ISO 27001
Status: Within 18 months of launch
Information security management system aligned to international standard. Audit by accredited certification body.
Reg BI (advisor-firm posture)
Status: Operationalized
GuardKin supports firms’ Reg BI obligations — audit trail of consent and visibility, insight framing that distinguishes client benefit from advisor commercial interest, training materials.
RUFADAA online-tool designation
Status: Operationalized
GuardKin qualifies as the online tool under RUFADAA’s three-tier priority system. In RUFADAA-adopting states (currently 46+), designations made through GuardKin carry the highest legal priority — Tier 1 — superseding will/trust/POA defaults for the digital and operational information stored in the vault. Common-law analysis applies in non-adopting states.
HIPAA-grade (voluntary)
Status: Operationalized for medical directives
Voluntary HIPAA-style protections applied to medical directive content. GuardKin is not a covered entity but treats medical content to that standard.
CCPA / CPRA + state privacy laws
Status: Implemented
DSAR workflow: access, delete, and portability within 30 days; correct and appeal within 45 days. Universal opt-out signal (Global Privacy Control) honored. Sensitive-data categories handled per state-specific rules.
GDPR
Status: Implemented at UK / EU launch
Article 28 data processing agreements with all subprocessors. Article 33/34 breach notification within 72 hours. Standard Contractual Clauses for international transfers.