Every framework, the same continuous practice.

Trust Services Criteria, Type I or Type II. Continuous evidence collection mapped to CC and A categories.

Annex A aligned to the 2022 revision. Statement of Applicability with versioned applicability rationale.

Amendment 13-ready. Privacy Protection Authority requirements as a first-class framework — not a footnote.

Article-29-aligned data-protection controls, Records of Processing, and DPIA workflow.