Your central hub for essential IT, cybersecurity, and data protection standards, frameworks, and assurance reports — including SOC reports, ISO standards, and regulatory guidance shaping how organizations secure systems and safeguard data.
🔗 Explore individual pages for actionable insights, control checklists, audit readiness tips, implementation best practices, and future outlook.
Name | Description |
---|---|
SOC 2 Report | Evaluates controls around security, availability, confidentiality, and privacy; essential for SaaS and cloud vendor trust. |
ISO/IEC 27001 | Global standard for implementing an Information Security Management System (ISMS) to manage cybersecurity risk. |
ISO/IEC 27001 Certification | ISO/IEC 27001 Certification is a formal recognition that an organization has established, implemented, and maintains a robust information security management system consistent with internationally accepted standards to protect sensitive information and manage risk effectively. |
NIST Cybersecurity Framework (CSF) | A flexible framework for identifying, protecting, detecting, responding to, and recovering from cyber threats. |
PCI DSS | Mandates security controls to protect payment card data; required for all card processing entities. |
GDPR | EU law enforcing strict rules on handling personal data with global reach and heavy penalties for non-compliance. |
The Children’s Online Privacy Protection Act (COPPA) | Enforced by the Federal Trade Commission (FTC), COPPA governs how websites, mobile applications, and online services collect personal information from children under 13. |
SCOPE Act | The SCOPE Act (Securing Children Online through Parental Empowerment) is Texas’s comprehensive statute for protecting minors under 18 from harmful online content and inappropriate data practices. |
CCPA / CPRA | California’s privacy laws giving consumers rights over their personal data and imposing duties on businesses. |
HIPAA Security Rule | Requires healthcare entities to safeguard electronic Protected Health Information (ePHI) through technical and administrative controls. |
GLBA | U.S. financial law requiring institutions to protect sensitive customer financial data through robust safeguards. |
SOX – IT Controls | Mandates IT controls to ensure integrity of financial reporting for publicly listed U.S. companies. |
FISMA | Requires federal agencies and contractors to secure systems and data according to defined cybersecurity standards. |
FedRAMP | U.S. framework for secure cloud service adoption by federal agencies through standardized security assessments. |
NYDFS Cybersecurity Regulation | Requires financial firms in New York to implement cybersecurity programs, incident response, and board-level oversight. |
ISO/IEC 27701 | Extends ISO 27001 with controls for managing personal data in compliance with global privacy regulations. |
CIS Controls | A prioritized set of 18 controls for practical and effective cybersecurity defense across industries. |
COBIT | IT governance framework aligning IT management with business goals and risk oversight. |
ITIL | A set of best practices for IT service management (ITSM) to improve efficiency and service delivery. |
SOC 1 Report | Assesses controls relevant to financial reporting, vital for service providers impacting client financials. |
SOC 3 Report | Public version of SOC 2 for demonstrating security and trust without disclosing sensitive details. |
NIS2 Directive (EU) | Expands cybersecurity rules for critical sectors across the EU with mandatory incident reporting. |
Data Localization Laws | Require certain data (e.g., personal, financial) to be stored within specific national borders. |
SWIFT Customer Security Program (CSP) | Enforces baseline security for SWIFT users to reduce fraud in financial messaging. |
Basel III – IT Risk Considerations | Integrates operational and cyber risk into regulatory capital rules for global banks. |
DORA (EU) | Mandates digital operational resilience for financial institutions in the EU, covering ICT risk management. |
PSD2 | EU regulation enabling secure open banking through strong customer authentication and third-party access. |
MAS TRM Guidelines | Requires Singapore-based financial institutions to manage cyber risks and technology vendors effectively. |
ISO/IEC 22301 | Framework for business continuity management to ensure preparedness for disruptions. |
NIST SP 800-53 | U.S. federal catalog of security controls used broadly to secure information systems. |
NIST SP 800-171 | Outlines how to protect Controlled Unclassified Information (CUI) on non-federal systems. |
CMMC | U.S. Department of Defense cybersecurity certification model for defense contractors. |
ENISA Guidelines | EU agency guidance to help improve national and organizational cybersecurity readiness. |
CSA Cloud Controls Matrix | Cloud-specific security control framework aligned with major compliance standards. |
ISO/IEC 27017 | Provides additional guidelines for securing cloud-based environments and shared responsibilities. |
ISO/IEC 27018 | Focuses on the protection of personal data processed in public cloud services. |
CERT-IN Guidelines | India’s cybersecurity response authority requiring log retention and breach notifications. |
Japan’s APPI | Regulates use and transfer of personal data in Japan, with extraterritorial enforcement. |
China’s PIPL | China’s comprehensive privacy law mandating consent, localization, and audits for data usage. |
Brazil’s LGPD | Brazil’s GDPR-inspired law requiring lawful, transparent, and secure processing of personal data. |
FCA Cyber Expectations (UK) | UK regulator guidance requiring financial firms to implement robust cyber resilience programs. |
GDPR DPIA | Data Protection Impact Assessments are mandatory under GDPR for high-risk data processing activities. |
EBA ICT Guidelines | Provides governance and risk management guidance for ICT and security in EU financial services. |
E-Privacy Directive | Governs cookie consent, metadata handling, and confidentiality in EU digital communications. |
SWIFT KYC Registry | Enables global banks to share standardized KYC documentation securely. |
Third-Party Risk Guidelines (FFIEC/OCC) | U.S. regulatory expectations on vendor oversight and cybersecurity due diligence. |
ISAE 3402 | International standard for auditing service organization controls relevant to financial statements. |
CSA STAR Certification | Combines ISO 27001 with cloud-specific security requirements for third-party assurance. |
TLS/SSL Certificate Policies | Ensures secure data transmission and encryption hygiene in web and API services. |
Red Team Standards (e.g., NIST, CREST) | Define methodologies for penetration testing and simulated cyberattacks. |
NIST Zero Trust Architecture | Shifts security models from perimeter-based to continuous verification of users and devices. |
GAPP | Framework of Generally Accepted Privacy Principles for managing privacy risks and obligations. |
Data Processing Agreements (DPAs) | Contractual documents outlining roles, responsibilities, and safeguards for third-party data handling. |