Soc/ISO/GDPR Compliance

We are doing a POC of Jenkins-X3 currently, and our compliance specialist reminded us that before we use this for production, we need proof of compliance for Soc/GDPR audits.
Does anyone have information on compliance documents that Jenkins-X already has in hand?