Compliance
The regulatory frameworks Mandry operates against. Controls, content, and audit-ready documentation.
Framework-specific managed IT and cybersecurity for healthcare, banking, government, and private education, under one SOC 2 Type II operating discipline.
Mandry Technology maintains controls, content, and audit-ready documentation mapped to the frameworks compliance buyers actually answer to: HIPAA, FFIEC, GLBA, FERPA, TX-RAMP, Texas DIR, CIS Controls, and SOC 2 Type II. Each framework page describes what examiners expect, which Mandry practices map to those obligations, and the evidence produced continuously through the compliance documentation program.
Frameworks
Browse by regulatory framework.
Each page describes what examiners expect, which Mandry practices map to those obligations, and the evidence produced continuously through the compliance documentation program.
HIPAA
Healthcare: Security Rule, Privacy Rule, breach notification.
FFIEC
Banking IT examination.
GLBA
Financial services and higher-ed financial aid.
FERPA
Education records.
TX-RAMP
Texas state cloud vendor certification.
Texas DIR
Texas state and local government cybersecurity.
CJIS
Law enforcement access controls and audit requirements.
CIS Controls
CIS v8 prioritized safeguards and Implementation Groups.
SOC 2 Type II · ours
MSP operating discipline; Mandry's own attestation.
By industry
Framework obligations by vertical.
Each headline industry page maps framework obligations to operational context. Start with your vertical, or browse frameworks directly above.
Healthcare
HIPAA. EHR continuity. 24/7 clinical environments.
Banking & Finance
FFIEC. GLBA Safeguards. Examination-grade IT.
State & Local Government
Texas DIR. TX-RAMP. CJIS.
Private Education
FERPA. GLBA Safeguards. Small IT teams under audit pressure.
Other Industries
Full practice stack for regulated and mid-market organizations.
Choosing a managed IT services company is itself a compliance-visible decision.
The right time to evaluate one is before the audit, before the breach, before the regulator's letter arrives.
What brings you here?
