Framework library · continuously synced

The frameworks your supply chain runs on.

Whatever you move — food, pharma, materials, components or data — these are the regimes your suppliers must prove against. Plain-English guides to each: what it demands, the evidence auditors actually sample, and how ComplianceFlow keeps a living copy mapped to your requirements.

Food & Beverage

FSMA 204FDA’s traceability rule: keep and produce lot-level records for high-risk foods within 24 hours.HACCPThe preventive food-safety system behind almost every food regulation: identify hazards, control them at critical points, prove it.SQFThe GFSI scheme most demanded by North American retailers — with supplier documentation woven through every module.BRCGSThe GFSI scheme with the strictest supplier-approval clauses — Issue 9 makes raw-material risk assessment explicit.ISO 22000The international FSMS standard combining HACCP with management-system discipline across the supply chain.

Pharma & Life Sciences

GMP · 21 CFR 211FDA’s current Good Manufacturing Practice: every component, supplier and test result documented and defensible.21 CFR Part 11The FDA rule that makes electronic compliance records trustworthy: audit trails, access control, signature integrity.

Trade & Responsible Sourcing

NewUFLPAUS customs law with a rebuttable presumption: prove your supply chain is forced-labor-free, or your goods don’t enter.NewEUDRSell cattle, cocoa, coffee, palm oil, rubber, soy or wood products into the EU? You now owe plot-level geolocation proof.NewCSRD / CSDDDThe EU’s twin sustainability regimes turn your supplier relationships into reportable, auditable data.

Quality Management

ISO 9001The world’s most adopted management standard — clause 8.4 makes supplier control everyone’s problem.

Data & Security

ISO 27001The international ISMS standard — and the supplier-security clauses your enterprise customers audit you against.SOC 2The de-facto North American security attestation — vendor management evidence is sampled in every Type II audit.GDPREU data protection law — Article 28 makes you accountable for every processor in your chain.HIPAAUS health-data law — every vendor touching PHI needs a BAA and documented oversight.NIST CSFThe US cybersecurity framework — CSF 2.0 elevates supply-chain risk management into the new Govern function.

Your frameworks, mapped to your suppliers.

Public standards, customer specifications and internal policies live side-by-side — every clause tied to the supplier evidence that proves it.

Book a demo Back to home