Standards & Frameworks

Every standard
your industry requires.

SCIT encodes regulatory standards and governance frameworks as queryable compliance logic. Each module evaluates results, configurations, or deployments against the specific requirements of the applicable standard — returning structured determinations any system can act on.

Live — In production
In Development
Planned

Healthcare Water Quality

8 Standards
AAMI ST108
Live
Water for the Processing of Medical Devices
The primary U.S. standard for water quality in healthcare sterile processing. SCIT evaluates microbial counts, endotoxin levels, and chemical contaminants against AAMI ST108 action, alert, and critical limits — with automatic escalation logic for each tier.
Microbial Endotoxin Chemical Sterile Processing
AAMI RD52
Live
Dialysate for Hemodialysis
Defines quality requirements for dialysate used in hemodialysis, including chemical purity and bacteriological safety limits. SCIT evaluates submitted dialysate test results against maximum allowable concentrations and action limits per AAMI RD52.
Dialysate Hemodialysis Chemical Purity
AAMI RD62
Live
Water Treatment Equipment for Hemodialysis
Covers performance, testing, and documentation requirements for water treatment systems used in hemodialysis applications. SCIT evaluates water treatment system performance data and maintenance documentation against RD62 requirements.
Water Treatment Equipment Hemodialysis
AAMI TIR34
Live
Water for the Reprocessing of Medical Devices — Technical Information Report
A technical information report providing guidance on water quality monitoring programs for medical device reprocessing. SCIT uses TIR34 guidance to supplement ST108 evaluations, particularly for monitoring frequency, sampling protocols, and corrective action documentation.
Monitoring Programs Reprocessing Corrective Action
ISO 13959
Live
Water for Haemodialysis and Related Therapies
The international standard for water quality in hemodialysis, specifying maximum allowable concentrations of chemical contaminants and microbiological limits. SCIT evaluates submitted results against ISO 13959 baseline, alert, and action limits with full audit trail documentation.
International Chemical Contaminants Microbiological Audit Trail
ISO 23500
In Development
Preparation and Quality Management of Fluids for Haemodialysis (Series)
A five-part series (ISO 23500-1 through 23500-5) covering the preparation and quality management of fluids for hemodialysis and related therapies — replacing and consolidating earlier ISO standards. SCIT is encoding the full series with part-specific evaluation modules for water, concentrate, and dialysate quality.
5-Part Series Quality Management Concentrate Dialysate
ISO 11663
Live
Quality of Dialysis Fluid for Haemodialysis and Related Therapies
Specifies quality requirements for dialysis fluid at the point of use, including permissible levels of chemical contaminants, microbiological limits, and endotoxin concentrations. SCIT evaluates dialysis fluid test results against ISO 11663 limit values, distinguishing between standard-quality and ultrapure dialysis fluid requirements and generating structured determinations with full audit trail documentation.
Dialysis Fluid Point of Use Ultrapure Endotoxin
ADA / CDC DUWL Standards
Live
Dental Unit Waterline Quality — ADA, CDC & State Dental Board Requirements
The ADA and CDC establish ≤500 CFU/mL of heterotrophic bacteria as the baseline standard for dental unit waterline (DUWL) water quality in nonsurgical procedures, mirroring the EPA Safe Drinking Water Act threshold. Sterile saline or sterile water is required for all surgical procedures. SCIT evaluates DUWL test results against this federal baseline and applicable state-level requirements, which vary materially: Washington State (2021) and Georgia (Rule 150-8-.05, effective July 2025) have enacted mandatory enforceable quarterly testing rules with documentation retention requirements. California has developing mandatory testing legislation. Thirty-five state dental boards have formally adopted CDC recommendations as the standard of care — meaning noncompliance creates license risk even absent a specific state statute. SCIT tracks state dental board rule changes and evaluates practices against the most stringent applicable requirement for their jurisdiction, generating the documentation records required for state board inspection and five-year retention compliance in mandated states.
Dental Unit Waterlines ≤500 CFU/mL Quarterly Testing Georgia Rule 150-8-.05 Washington State 35 State Boards 5-Year Retention Surgical Sterile Water

Laboratory Accreditation

3 Standards
ISO 17025
In Development
General Requirements for the Competence of Testing and Calibration Laboratories
The internationally recognized standard for laboratory competence, impartiality, and consistent operation. SCIT's ISO 17025 module evaluates management system requirements, technical competence evidence, measurement uncertainty documentation, and method validation records — producing accreditation-ready compliance determinations.
Accreditation Competence Measurement Uncertainty Method Validation
ISO 15189
Planned
Medical Laboratories — Requirements for Quality and Competence
Specifies quality management system requirements particular to medical laboratories, including pre-examination, examination, and post-examination processes. Evaluation covers personnel competency, equipment calibration, reference interval documentation, and uncertainty of measurement for clinical results.
Medical Labs Clinical Quality Management Personnel Competency
CLIA 42 CFR §493
Planned
Clinical Laboratory Improvement Amendments
Federal regulatory standards governing laboratory testing on human specimens in the United States. SCIT's CLIA module evaluates quality control, proficiency testing, personnel qualifications, and test system requirements across CLIA complexity categories — waived, moderate, and high complexity.
Federal Quality Control Proficiency Testing Complexity

AI Governance

4 Frameworks
NIST AI RMF 1.0
In Development
Artificial Intelligence Risk Management Framework
The National Institute of Standards and Technology framework for managing risks associated with AI systems across four functions: Govern, Map, Measure, and Manage. SCIT evaluates AI deployments against RMF profile requirements, producing documented risk determinations and gap assessments for each function area.
Govern Map Measure Manage Risk Profile
EU AI Act
Planned
European Union Artificial Intelligence Act
The EU's comprehensive AI regulatory framework, establishing risk-based classification of AI systems as unacceptable, high, limited, or minimal risk — with conformance obligations scaling with risk tier. SCIT evaluates AI system characteristics against risk classification criteria and generates documentation required for high-risk system conformance assessment.
Risk Classification High-Risk Systems Conformance EU Regulation
ISO/IEC 42001
Planned
Artificial Intelligence Management System
The international standard specifying requirements for establishing, implementing, maintaining, and continually improving an AI management system within organizations. Evaluates AI governance structure, risk assessment processes, impact assessment methodology, and transparency and accountability controls against ISO/IEC 42001 clauses.
Management System Impact Assessment Accountability International
NIST AI 600-1
Planned
Generative AI Profile — AI RMF Companion
NIST's companion resource to the AI RMF specifically addressing the unique risks of generative AI systems — including hallucination, data poisoning, privacy violations, and intellectual property concerns. SCIT evaluates generative AI deployments against the 12 identified risk areas and their suggested actions for AI developers and deployers.
Generative AI Hallucination Data Privacy AI Deployers

Education

4 Frameworks
OHS Monitoring
Planned
Office of Head Start — Federal Monitoring Standards (45 CFR Part 1302)
The federal compliance framework governing Head Start and Early Head Start grantees, administered through the Office of Head Start's (OHS) on-site monitoring program. Grantees are reviewed against the Head Start Program Performance Standards across child development, family engagement, health, nutrition, and program management domains. SCIT evaluates grantee documentation, AI tool usage, and data practices against OHS monitoring criteria — helping programs demonstrate compliance readiness before federal review visits and identifying gaps in areas where AI tools are increasingly being used for child assessment and family case management.
Head Start Early Head Start 45 CFR Part 1302 Grantee Compliance Child Development
FERPA
In Development
Family Educational Rights and Privacy Act (+ AI Application)
Federal law governing the privacy of student education records. SCIT's FERPA module evaluates AI tool deployments in K–12 and higher education environments against FERPA data handling requirements — assessing what student data is accessible to each AI system, whether proper consent or legitimate educational interest documentation exists, and whether vendor data agreements satisfy the school official exception.
Student Records Data Privacy Vendor Agreements K–12 Higher Ed
COPPA
Planned
Children's Online Privacy Protection Act
Federal law imposing requirements on operators of websites and online services directed to children under 13, including AI applications used in school environments. SCIT evaluates AI tool configurations, data collection practices, and parental consent documentation against COPPA's requirements for school-directed services and the operator-as-school-agent exception.
Under-13 Privacy Parental Consent Data Collection Online Services
SOPIPA
Planned
Student Online Personal Information Protection Act (Model)
The model student data privacy framework adopted or adapted by multiple U.S. states, prohibiting the use of student data for behavioral advertising and requiring data deletion on request. SCIT evaluates AI vendor contracts and data practices against SOPIPA-derived state requirements, with coverage expanding by state as legislation is enacted.
Student Data State Law Behavioral Advertising Data Deletion

Government & Public Sector

3 Frameworks
CJIS Security Policy
In Development
Criminal Justice Information Services Security Policy (FBI)
The FBI's comprehensive security framework governing access to Criminal Justice Information (CJI), including policy areas for personnel security, physical protection, mobile devices, and — increasingly — cloud and AI tools. SCIT evaluates AI system deployments in law enforcement environments against CJIS policy area requirements, identifying configurations that create unauthorized CJI access or inadequate audit trail coverage.
Law Enforcement CJI Access FBI Policy Cloud & AI
FedRAMP
Planned
Federal Risk and Authorization Management Program
The U.S. government's standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services used by federal agencies. SCIT evaluates cloud-based AI tool selections used by government entities against FedRAMP authorization status and control baseline requirements — relevant for any AI tool touching federal grant-funded systems or data.
Cloud Security Federal Authorization Continuous Monitoring
State AI Legislation
Planned
State-Level AI Governance Requirements (Multi-State)
An expanding set of state AI laws establishing obligations for high-risk AI deployments, algorithmic impact assessments, and transparency requirements. SCIT tracks enacted and pending AI legislation by state and evaluates organizational AI deployments against applicable state-level requirements — currently covering California, Colorado, Texas, Virginia, and Illinois, with additional states added as legislation is enacted.
State Law Algorithmic Impact Transparency Multi-Jurisdiction

Manufacturing & Defense

4 Frameworks
CMMC 2.0
In Development
Cybersecurity Maturity Model Certification
The Department of Defense's cybersecurity certification framework for defense industrial base contractors handling Federal Contract Information (FCI) or Controlled Unclassified Information (CUI). SCIT evaluates AI tool deployments in manufacturing environments against CMMC Level 1, 2, and 3 practice requirements — specifically assessing whether AI systems access, process, or transmit CUI without adequate controls.
DoD CUI FCI Defense Contractors Level 1–3
NIST SP 800-171
Planned
Protecting Controlled Unclassified Information in Nonfederal Systems
The NIST publication defining 110 security requirements for protecting CUI in nonfederal information systems — the foundational requirement set underlying CMMC Level 2. SCIT evaluates AI system configurations and access controls against SP 800-171 requirement families, producing system security plan documentation and gap assessments for each of the 14 requirement families.
CUI Protection 110 Requirements System Security Plan Nonfederal
ITAR / EAR
Planned
International Traffic in Arms Regulations / Export Administration Regulations
U.S. export control regulations governing defense articles and dual-use items. AI tools used in defense manufacturing environments may inadvertently expose controlled technical data to cloud systems or non-U.S. persons in violation of ITAR or EAR. SCIT evaluates AI deployment configurations for export control compliance risk — identifying data types in scope and flagging access patterns that may constitute deemed exports.
Export Control Defense Articles Deemed Export Technical Data
ISO 9001
Planned
Quality Management Systems — Requirements
The internationally recognized standard for quality management systems, widely required across manufacturing supply chains. SCIT evaluates AI tool integrations in ISO 9001-certified environments against the standard's requirements for document control, process validation, nonconformance management, and continual improvement — ensuring AI-assisted decisions maintain auditability required under the QMS.
QMS Manufacturing Document Control Audit Trail

Don't see the standard
your industry requires?

Request a Module