WELL Building Standard v2 (International WELL Building Institute)

International (IWBI — 104 countries)

vv2 (2024)

7 domains

26 controls

The WELL Building Standard v2, administered by the International WELL Building Institute (IWBI), is the leading standard for buildings focused on human health and wellbeing. Over 46,000 WELL-registered and certified projects in 104 countries. WELL v2 covers 10 concepts: Air, Water, Nourishment, Light, Movement, Thermal Comfort, Sound, Materials, Mind, and Community. The standard includes requirements for smart building monitoring systems, data-driven indoor air quality management, and technology-enabled wellness programmes. WELL is often pursued alongside LEED for comprehensive green and healthy building certification.

Verified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (7)

Air

4 controls

Controls in the Air domain of WELL Building Standard v2 (International WELL Building Institute) — 4 controls
Code	Title	Description
A01	Air Quality	Establish fundamental indoor air quality standards including ventilation, filtration, and pollutant thresholds for occup...
A02	Smoke-Free Environment	Prohibit indoor smoking and restrict outdoor smoking near building entrances, operable windows, and air intakes.
A03	Ventilation Design	Design and maintain ventilation systems to deliver adequate outdoor air supply and distribution to all occupied spaces.
A05	Enhanced Air Quality	Implement enhanced filtration, source control, and air cleaning strategies to reduce indoor pollutant concentrations.

Light

3 controls

Controls in the Light domain of WELL Building Standard v2 (International WELL Building Institute) — 3 controls
Code	Title	Description
L01	Light Exposure and Education	Provide education on the importance of light exposure for circadian health and strategies to optimize light throughout t...
L02	Visual Lighting Design	Design lighting to support visual acuity and comfort through appropriate illuminance levels and glare management.
L03	Circadian Lighting Design	Design lighting systems that support circadian health through appropriate light intensity and spectrum during daytime ho...

Mind and Community

4 controls

Controls in the Mind and Community domain of WELL Building Standard v2 (International WELL Building Institute) — 4 controls
Code	Title	Description
C01	Health and Wellness Promotion	Implement policies that address health equity, diversity, and inclusion while supporting access to healthcare services.
C03	Community Engagement	Foster community connections through civic engagement opportunities, volunteer programs, and communal spaces.
M01	Mental Health Promotion	Implement programs and design strategies that support mental health, stress management, and cognitive well-being.
M02	Access to Nature	Provide access to natural environments, biophilic design elements, and restorative spaces within or near the project.

Movement

3 controls

Controls in the Movement domain of WELL Building Standard v2 (International WELL Building Institute) — 3 controls
Code	Title	Description
V01	Active Buildings and Communities	Promote physical activity through building design including active staircases, walkable routes, and exercise facilities.
V02	Visual and Physical Ergonomics	Provide ergonomic furnishings and adjustable workstations to support movement and reduce sedentary behavior.
V03	Active Transportation	Support active commuting through bicycle storage, shower facilities, and proximity to public transportation.

Nourishment

3 controls

Controls in the Nourishment domain of WELL Building Standard v2 (International WELL Building Institute) — 3 controls
Code	Title	Description
N01	Fruits and Vegetables	Ensure availability of fruits and vegetables at point-of-sale and in food service offerings within the project.
N02	Nutritional Transparency	Provide detailed nutritional information for foods and beverages sold or served within the project.
N07	Food Production	Support food production on-site or locally through gardens, urban farms, or partnerships with local producers.

Thermal Comfort, Sound and Materials

4 controls

Controls in the Thermal Comfort, Sound and Materials domain of WELL Building Standard v2 (International WELL Building Institute) — 4 controls
Code	Title	Description
S01	Sound Mapping	Identify and mitigate sources of acoustical discomfort including background noise, sound isolation, and reverberation.
T01	Thermal Performance	Maintain thermal conditions within acceptable comfort ranges considering temperature, humidity, and airflow.
X01	Material Restrictions	Restrict or eliminate the use of building materials containing hazardous chemicals that may impact occupant health.
X02	Material Transparency	Select products and materials with ingredient disclosure documentation such as Health Product Declarations.

Water

5 controls

Controls in the Water domain of WELL Building Standard v2 (International WELL Building Institute) — 5 controls
Code	Title	Description
W01	Fundamental Water Quality	Meet drinking water quality standards by addressing sediment, microorganisms, and chemical contaminants at points of use...
W02	Water Contaminants	Limit concentrations of specific contaminants including lead, mercury, and organic pollutants in drinking water.
W03	Legionella Control	Develop and implement a water management plan to minimize the risk of Legionella growth in building water systems.
Wat 01	Water Consumption	Potable water consumption is reduced through efficient fittings and water recycling.
Wat 02	Water Monitoring	Water metering and leak detection systems enable efficient water management.

Maps to 164 other frameworks

26 total controls

CDP (formerly Carbon Disclosure Project)

3 source controls mapped|3 target controls covered

12%

Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)

3 source controls mapped|2 target controls covered

12%

CDP Corporate Questionnaire

3 source controls mapped|3 target controls covered

12%

Defence Security Principles Framework (DSPF)

3 source controls mapped|4 target controls covered

12%

Protective Security Policy Framework (PSPF) Release 2024

3 source controls mapped|4 target controls covered

12%

US EPA Safe Drinking Water Act (SDWA) — Cybersecurity Requirements

3 source controls mapped|4 target controls covered

12%

UK Security and Emergency Measures Direction (SEMD) — Water Industry

3 source controls mapped|5 target controls covered

12%

AASB S2 Climate-related Disclosures

2 source controls mapped|4 target controls covered

NYDFS Cybersecurity Regulation (23 NYCRR Part 500)

2 source controls mapped|5 target controls covered

TEFCA — Trusted Exchange Framework and Common Agreement

2 source controls mapped|4 target controls covered

FDA Quality Management System Regulation (QMSR)

2 source controls mapped|4 target controls covered

ILO Nursing Personnel Convention C149 (1977)

2 source controls mapped|3 target controls covered

EU Anti-Money Laundering Directive (AMLD6 / Directive 2018/1673)

2 source controls mapped|3 target controls covered

ISO 8000 — Data Quality

2 source controls mapped|3 target controls covered

FATF Recommendation 16 — Virtual Asset Travel Rule

2 source controls mapped|3 target controls covered

Privacy by Design (PbD) — Seven Foundational Principles

2 source controls mapped|3 target controls covered

BS 65000:2014 — Guidance on Organizational Resilience

2 source controls mapped|4 target controls covered

Security of Critical Infrastructure Act 2018 (SOCI)

2 source controls mapped|3 target controls covered

NATO AQAP 2110 — Quality Assurance Requirements for Design, Development, and Production

2 source controls mapped|2 target controls covered

UK Modern Slavery Act 2015

2 source controls mapped|1 target controls covered

Philippines Cybercrime Prevention Act (RA 10175)

2 source controls mapped|1 target controls covered

Canada's Anti-Spam Legislation (CASL)

2 source controls mapped|1 target controls covered

Zambia Data Protection Act (2021)

2 source controls mapped|1 target controls covered

UK Telecommunications (Security) Act 2021

2 source controls mapped|1 target controls covered

Bank Secrecy Act / Anti-Money Laundering (BSA/AML)

2 source controls mapped|1 target controls covered

BREEAM — Building Research Establishment Environmental Assessment Method

2 source controls mapped|2 target controls covered

Aged Care Quality Standards (Australia)

1 source controls mapped|3 target controls covered

IEC 60601-1 — Medical Electrical Equipment Safety

1 source controls mapped|1 target controls covered

Washington My Health My Data Act (MHMD)

1 source controls mapped|1 target controls covered

DFARS 252.204-7012 — Safeguarding Covered Defense Information

1 source controls mapped|1 target controls covered

Connecticut Data Privacy Act (CTDPA)

1 source controls mapped|1 target controls covered

Illinois Biometric Information Privacy Act (BIPA)

1 source controls mapped|1 target controls covered

NAIC Insurance Data Security Model Law (MDL-668)

1 source controls mapped|1 target controls covered

Modern Slavery Act 2018 (Australia)

1 source controls mapped|1 target controls covered

ICH E6(R3) — Good Clinical Practice

1 source controls mapped|3 target controls covered

Florida Digital Bill of Rights (SB 262)

1 source controls mapped|1 target controls covered

GAMP 5 — Good Automated Manufacturing Practice

1 source controls mapped|1 target controls covered

FAA Cybersecurity Framework for Aviation

1 source controls mapped|1 target controls covered

Australian Energy Sector Cyber Security Framework (AESCSF)

1 source controls mapped|1 target controls covered

ISO/IEC 17025:2017 — General Requirements for Testing and Calibration Laboratories

1 source controls mapped|2 target controls covered

ISO 15189:2022 — Medical Laboratories Requirements for Quality and Competence

1 source controls mapped|3 target controls covered

US Gramm-Leach-Bliley Act (GLBA) — Higher Education Safeguards Rule

1 source controls mapped|6 target controls covered

HIPAA Security Rule

1 source controls mapped|6 target controls covered

EU European Health Data Space (EHDS)

1 source controls mapped|3 target controls covered

ICH E6(R2) Good Clinical Practice — Data Integrity and Electronic Systems

1 source controls mapped|3 target controls covered

PIC/S Guide to Good Manufacturing Practice for Medicinal Products

1 source controls mapped|1 target controls covered

Australia My Health Records Act 2012

1 source controls mapped|3 target controls covered

ISPE GAMP 5 — A Risk-Based Approach to Compliant GxP Computerised Systems

1 source controls mapped|1 target controls covered

ICH Q10 — Pharmaceutical Quality System

1 source controls mapped|3 target controls covered

EU Medical Devices Regulation (MDR 2017/745)

1 source controls mapped|3 target controls covered

EU Clinical Trials Regulation (CTR 536/2014)

1 source controls mapped|3 target controls covered

HITECH Act

1 source controls mapped|3 target controls covered

WHO Global Strategy on Digital Health 2020-2025

1 source controls mapped|1 target controls covered

MDS2 (Medical Device)

1 source controls mapped|3 target controls covered

Colorado AI Act (SB 24-205)

1 source controls mapped|1 target controls covered

UNESCO Recommendation on the Ethics of AI

1 source controls mapped|1 target controls covered

Australia NHMRC National Statement on Ethical Conduct in Human Research

1 source controls mapped|1 target controls covered

Wisconsin Data Privacy Act (SB 670)

1 source controls mapped|1 target controls covered

Florida Digital Bill of Rights (FDBR)

1 source controls mapped|1 target controls covered

DORA

1 source controls mapped|3 target controls covered

CSA CCM v4

1 source controls mapped|3 target controls covered

MTCS — Multi-Tier Cloud Security (Singapore)

1 source controls mapped|1 target controls covered

ITIL 4

1 source controls mapped|1 target controls covered

ISO 42001

1 source controls mapped|1 target controls covered

IMO Maritime Cybersecurity Guidelines (MSC-FAL.1/Circ.3/Rev.2)

1 source controls mapped|1 target controls covered

HKMA SPM

1 source controls mapped|3 target controls covered

MAS TRM

1 source controls mapped|3 target controls covered

HKMA Cyber Resilience Assessment Framework (C-RAF)

1 source controls mapped|1 target controls covered

BCBS 239

1 source controls mapped|3 target controls covered

GLBA

1 source controls mapped|3 target controls covered

EBA Guidelines on ICT and Security Risk Management (EBA/GL/2019/04)

1 source controls mapped|1 target controls covered

APRA CPS 234

1 source controls mapped|3 target controls covered

FTC GLBA Safeguards Rule (16 CFR Part 314)

1 source controls mapped|1 target controls covered

Nevada Gaming Control Board Cybersecurity Requirements

1 source controls mapped|1 target controls covered

Lloyd's Minimum Standards — Cyber Security

1 source controls mapped|1 target controls covered

FTC Safeguards Rule (16 CFR Part 314)

1 source controls mapped|2 target controls covered

Singapore Government Instruction Manual on ICT&SS Management (IM8)

1 source controls mapped|3 target controls covered

CISA ICS-CERT Advisories and Industrial Control Systems Security Guidelines

1 source controls mapped|1 target controls covered

COBIT 2019

1 source controls mapped|1 target controls covered

EU Maritime Single Window Environment Regulation (EU 2019/1239) and EMSA Cybersecurity

1 source controls mapped|1 target controls covered

ASIS SPC.1-2009 — Organizational Resilience Standard

1 source controls mapped|3 target controls covered

Notifiable Data Breaches Scheme (Australia)

1 source controls mapped|2 target controls covered

EU Digital Markets Act

1 source controls mapped|2 target controls covered

FTC Health Breach Notification Rule

1 source controls mapped|2 target controls covered

UK Product Security and Telecommunications Infrastructure Act (PSTI)

1 source controls mapped|2 target controls covered

EAR — Export Administration Regulations

1 source controls mapped|2 target controls covered

European Accessibility Act (Directive (EU) 2019/882)

1 source controls mapped|2 target controls covered

EU Deforestation-Free Products Regulation (EUDR)

1 source controls mapped|2 target controls covered

Ontario Accessibility for Ontarians with Disabilities Act (AODA) — IASR Web Standard

1 source controls mapped|2 target controls covered

EU NIS2 Directive — Energy Sector Cybersecurity Requirements (Directive 2022/2555)

1 source controls mapped|2 target controls covered

US ITAR and EAR — Export Control and Data Security

1 source controls mapped|2 target controls covered

US SEC Digital Assets and Crypto Regulatory Framework

1 source controls mapped|2 target controls covered

Australia Consumer Data Right — Banking (CDR)

1 source controls mapped|2 target controls covered

Australia eSafety Commissioner — Online Safety Expectations for Industry

1 source controls mapped|2 target controls covered

Japan AI Guidelines

1 source controls mapped|1 target controls covered

UK ONR Cyber Security and Information Assurance (CSIA) for Nuclear Facilities

1 source controls mapped|1 target controls covered

TNFD Recommendations

1 source controls mapped|3 target controls covered

IEC 62351 — Power Systems Communication Security

1 source controls mapped|2 target controls covered

ISO 27001:2022

1 source controls mapped|1 target controls covered

ISO/IEC 27031:2011

1 source controls mapped|2 target controls covered

ISO/IEC 25012:2008 — Data Quality Model

1 source controls mapped|1 target controls covered

ISO 20000-1

1 source controls mapped|1 target controls covered

Digital Economy Partnership Agreement (DEPA)

1 source controls mapped|1 target controls covered

EU Cyber Resilience Act

1 source controls mapped|3 target controls covered

Bermuda Monetary Authority (BMA) Cyber Risk Management Code of Conduct

1 source controls mapped|1 target controls covered

FFIEC Cybersecurity Assessment Tool (CAT)

1 source controls mapped|1 target controls covered

FFIEC IT Examination Handbook

1 source controls mapped|3 target controls covered

India CERT-In Cyber Security Directions 2022

1 source controls mapped|1 target controls covered

EU Taxonomy Regulation (Regulation 2020/852)

1 source controls mapped|1 target controls covered

EU Taxonomy Regulation

1 source controls mapped|2 target controls covered

Australia AI Ethics Framework

1 source controls mapped|1 target controls covered

IRM Enterprise Risk Management Framework (Institute of Risk Management)

1 source controls mapped|3 target controls covered

ASIC Cyber Resilience Good Practices

1 source controls mapped|1 target controls covered

Critical Infrastructure Risk Management Program (CIRMP) Rules 2023

1 source controls mapped|2 target controls covered

CFTC System Safeguards (17 CFR 37, 38, 39, 49)

1 source controls mapped|3 target controls covered

GLI-33 — Gaming Laboratories International Event Wagering Systems

1 source controls mapped|2 target controls covered

EIOPA Guidelines on ICT Security and Governance (2020)

1 source controls mapped|2 target controls covered

TISAX — Trusted Information Security Assessment Exchange

1 source controls mapped|2 target controls covered

Telecommunications Sector Security Reforms (TSSR)

1 source controls mapped|2 target controls covered

COSO Internal Control — Integrated Framework (2013)

1 source controls mapped|1 target controls covered

ASEAN Data Management Framework

1 source controls mapped|1 target controls covered

Voluntary Principles on Security and Human Rights (VPs)

1 source controls mapped|1 target controls covered

US OFAC Sanctions Compliance Framework

1 source controls mapped|1 target controls covered

EU AI Act

1 source controls mapped|1 target controls covered

South Korea Cloud Security Assurance Program (CSAP)

1 source controls mapped|1 target controls covered

IEEE 7000

1 source controls mapped|1 target controls covered

ISO/IEC 27007:2020

1 source controls mapped|1 target controls covered

ASD Strategies to Mitigate Cyber Security Incidents

1 source controls mapped|1 target controls covered

Brazil AI Framework

1 source controls mapped|1 target controls covered

China AI Regulations

1 source controls mapped|1 target controls covered

ISO/IEC 38500:2024 — Governance of IT

1 source controls mapped|1 target controls covered

AICPA SOC 1

1 source controls mapped|3 target controls covered

AICPA SOC 3

1 source controls mapped|3 target controls covered

South Africa Promotion of Access to Information Act (PAIA)

1 source controls mapped|1 target controls covered

NIST Privacy Framework Version 1.0

1 source controls mapped|2 target controls covered

ECB TIBER-EU Framework

1 source controls mapped|1 target controls covered

NIST SP 800-82 Rev 3 — Guide to OT Security

1 source controls mapped|2 target controls covered

UK Open Banking Standard

1 source controls mapped|2 target controls covered

OECD AI Principles

1 source controls mapped|1 target controls covered

SOC 2

1 source controls mapped|3 target controls covered

SWIFT CSP

1 source controls mapped|3 target controls covered

O-RAN Alliance Security Specifications (O-RAN.WG11)

1 source controls mapped|1 target controls covered

Open Banking Security

1 source controls mapped|3 target controls covered

OSFI B-13

1 source controls mapped|3 target controls covered

SEC Climate Disclosure Rule

1 source controls mapped|1 target controls covered

PCI PIN Security

1 source controls mapped|3 target controls covered

ITU-T X.805 — Security Architecture for End-to-End Communications

1 source controls mapped|1 target controls covered

SWIFT CSCF

1 source controls mapped|3 target controls covered

PSD2 SCA

1 source controls mapped|3 target controls covered

PCI SSF

1 source controls mapped|3 target controls covered

UK FCA/PRA Operational Resilience Framework

1 source controls mapped|3 target controls covered

SOC for Cybersecurity — Cybersecurity Risk Management Examination

1 source controls mapped|1 target controls covered

SASB Standards (ISSB Integrated)

1 source controls mapped|1 target controls covered

SASB Standards

1 source controls mapped|1 target controls covered

NATO Cyber Defence Standards and NCIRC (NATO Computer Incident Response Capability)

1 source controls mapped|1 target controls covered

PCI P2PE

1 source controls mapped|3 target controls covered

ECB TIBER-EU

1 source controls mapped|3 target controls covered

NIST Cybersecurity Framework 2.0

1 source controls mapped|3 target controls covered

DAMA-DMBOK2 — Data Management Body of Knowledge (2nd Edition)

1 source controls mapped|1 target controls covered

Right to Disconnect (Australia)

1 source controls mapped|1 target controls covered

NIST Privacy Framework 1.0

1 source controls mapped|1 target controls covered

Singapore AI Governance Framework

1 source controls mapped|1 target controls covered

UK AI Regulation Framework

1 source controls mapped|1 target controls covered

SSAE 18 — Attestation Standards (SOC Reporting)

1 source controls mapped|1 target controls covered

Compare WELL Building Standard v2 (International WELL Building Institute) with CDP (formerly Carbon Disclosure Project)

Frequently Asked Questions

What is WELL Building Standard v2 (International WELL Building Institute)?

WELL Building Standard v2 (International WELL Building Institute) is a compliance framework from International (IWBI — 104 countries) with 7 domains and 26 controls. The WELL Building Standard v2, administered by the International WELL Building Institute (IWBI), is the leading standard for buildings focused on human health and wellbeing. Over 46,000 WELL-registered and certified projects in 104 countries. WELL v2 covers 10 concepts: Air, Water, Nourishment, Light, Movement, Thermal Comfort, Sound, Materials, Mind, and Community. The standard includes requirements for smart building monitoring systems, data-driven indoor air quality management, and technology-enabled wellness programmes. WELL is often pursued alongside LEED for comprehensive green and healthy building certification. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does WELL Building Standard v2 (International WELL Building Institute) have?

WELL Building Standard v2 (International WELL Building Institute) has 26 controls organised across 7 domains. The largest domains are Water (5 controls), Air (4 controls), Mind and Community (4 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does WELL Building Standard v2 (International WELL Building Institute) map to?

WELL Building Standard v2 (International WELL Building Institute) maps to 164 other compliance frameworks. The top mapping partners are CDP (formerly Carbon Disclosure Project) (12% coverage), Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA) (12% coverage), CDP Corporate Questionnaire (12% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with WELL Building Standard v2 (International WELL Building Institute) compliance?

Start your WELL Building Standard v2 (International WELL Building Institute) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about WELL Building Standard v2 (International WELL Building Institute) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 26 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 692 frameworks.

Get Started Free →

Free forever — no credit card required