Free Compliance Resources

Everything You Need to Stay Compliance-Ready.

Guides, checklists, webinars, and tools for health tech teams navigating HIPAA, SOC 2, and ITSG-33 — built by our compliance experts.

📘 eBooks & In-Depth Guides

🏥
eBook HIPAA
HIPAA Compliance for Health Tech Startups: A Founder's Playbook
Everything a health tech founder needs to know about HIPAA — from determining if you're a covered entity to implementing technical safeguards — in plain language.
🔐
eBook SOC 2
SOC 2 Type II in 90 Days: A Realistic Timeline for SaaS Teams
How growing health tech SaaS companies achieve SOC 2 Type II certification without derailing engineering — including a week-by-week project plan.
Canada
eBook ITSG-33
ITSG-33 SA&A Demystified: A Vendor's Guide to Canadian Government Compliance
Break down the ITSG-33 Security Assessment and Authorization process — control profiles, evidence requirements, and how to accelerate your departmental approval timeline.
🤝
eBook HIPAA SOC 2
Running HIPAA and SOC 2 Together: Overlaps, Gaps, and a Unified Control Set
Most health tech SaaS platforms need both. This guide maps overlapping controls, identifies gaps, and shows how to maintain both programs without doubling your compliance workload.
⚖️
eBook HIPAA
Business Associate Agreements in 2026: What Changed and What You Must Update
The 2026 HIPAA NPRM introduces new requirements for BAA terms, incident notification timelines, and subcontractor accountability. Is your template still compliant?
📊
eBook SOC 2
AT-C 315 vs SOC 2: Understanding the New Attestation Standard for Healthcare
The AICPA's AT-C 315 is reshaping how SOC 2 audits are conducted. Learn what changed, how it affects your health tech SaaS audit, and how to prepare your evidence package.

✅ Checklists & Quick Guides

Checklist HIPAA
2026 HIPAA Technical Safeguards Checklist
23-point checklist covering every mandatory technical control under the updated Security Rule.
🔐
Checklist SOC 2
SOC 2 Audit Readiness Checklist (CC Series)
Step-by-step checklist for Common Criteria controls — check your readiness before engaging an auditor.
Canada
Checklist ITSG-33
ITSG-33 Annex 3 Control Quick Reference
Security control categories mapped to government classification levels (Protected A/B, Classified).
📋
Checklist HIPAA
HIPAA Breach Response Checklist: First 72 Hours
Step-by-step breach response protocol to meet the HHS notification timeline under the 2026 rules.

🎥 Webinars & Video Sessions

🎙
Webinar HIPAA On Demand
HIPAA 2026 NPRM Breakdown: What Every Health Tech CTO Needs to Know
A 45-minute deep-dive into the mandatory encryption, MFA, and incident response changes — with live Q&A from our compliance team.
💻
Webinar SOC 2 On Demand
From Startup to SOC 2 Certified: A Live Walkthrough of the Iron Fort Platform
Watch a real health tech SaaS startup go from zero to audit-ready using Iron Fort's automated evidence collection and control library.
🏛
Webinar ITSG-33 Upcoming · Jun 12
Winning Canadian Federal Contracts: ITSG-33 SA&A Accelerated
Our government compliance specialists walk through the departmental SA&A process and show how Iron Fort automates 80% of the evidence burden.

🛠 Free Interactive Tools

🤖
Free Tool HIPAA
HIPAA Covered Entity Checker
Answer 8 questions and instantly determine if your organization is a covered entity, business associate, or neither — with an explanation of your obligations.
📊
Free Tool HIPAA
HIPAA Roadmap Evaluator
A structured 15-question assessment that generates a personalized HIPAA implementation roadmap with priority recommendations for your organization size.
🔬
Free Tool All Frameworks
AI Policy Gap Analyzer
Paste your existing security policy and our AI instantly identifies gaps against HIPAA, SOC 2, or ITSG-33 requirements — with specific remediation guidance.

📰 Latest Articles

Article HIPAA
Why Generic HIPAA Training Fails Health Tech Teams
One-size-fits-all HIPAA training is leaving technical teams exposed. Here's what role-specific training actually looks like.
Article SOC 2
The Real Cost of Late-Stage Compliance Remediation
Fixing compliance gaps six weeks before your SOC 2 audit costs 3–5× more than catching them early. Here's the data.
Article HIPAA
The 2026 HIPAA Security Rule Is Getting a Facelift
A plain-language breakdown of every significant change in the 2026 HIPAA Security Rule NPRM and what it means for your tech stack.
Article SOC 2 HIPAA
Building a Modern Compliance Stack for Health Tech SaaS
A CTO's guide to the tools, integrations, and automation patterns that make continuous compliance achievable without a dedicated compliance team.

