Northwood BankGovernRegulatory scope
Regulatory scope
Each selected control set pins to a signed version in the Control Mapping Repo. Historical evidence is never re-evaluated under a newer mapping.
EU AI Act4 of 4 subscribed
Art. 12 — Recordkeeping
pinned · v3.1last evaluated 03:00 todayactiveArt. 13 — Transparency to deployers
pinned · v3.1last evaluated 03:00 todayactiveArt. 14 — Human oversight
pinned · v3.1last evaluated 03:00 todayactiveArt. 26 — Deployer obligations
pinned · v3.1last evaluated 03:00 todayactiveSR 11-71 of 1 subscribed
Apr 2026 successor principles
pinned · v1.0last evaluated 03:00 todayactiveDORA1 of 1 subscribed
ICT risk · operational resilience
pinned · v2.0last evaluated 03:00 todayactiveGDPR2 of 2 subscribed
Art. 22 — Automated decisions
pinned · v2.0last evaluated 03:00 todayactiveArt. 30 — Records of processing
pinned · v2.0last evaluated 03:00 todayactiveSOX0 of 1 subscribed
Internal controls (financial reporting)
pinned · v1.2—HIPAA0 of 1 subscribed
Privacy & security rules
pinned · v1.4—Solvency II0 of 1 subscribed
§9 model governance
pinned · v2.1—NYDFS0 of 1 subscribed
23 NYCRR 500 · cybersecurity
pinned · v1.0—ECOA · Reg B0 of 1 subscribed
Adverse action notice
pinned · v1.0—PCI-DSS0 of 1 subscribed
v4.0 SAQ-D
pinned · v4.0—Custom control mappings · build your own predicates against the event store. Customer-defined sets sign-off captured per version.