Frameworks, Standards, & Regulations

AICPA SOC 2

Developed by the AICPA, SOC 2 defines security standards for managing data and preventing unauthorized access to assets, essential for service organizations handling sensitive information.

APRA CPS230

The Australian Prudential Regulation Authority’s CPS230 standard ensures banks, insurers, and superannuation funds manage operational risk and protect the stability of Australia’s financial system.

COSO Principles

COSO Principles guide organizations to assess risks, strengthen internal controls, and maintain ethical, transparent processes based on established frameworks for enterprise risk management.

EU Corporate Sustainability Reporting Directive (CSRD)

The CSRD expands corporate disclosure requirements across environmental, social, and governance (ESG) issues, mandating detailed reports on sustainability practices, human rights, and corporate accountability.

EU Digital Operational Resilience Act (DORA)

DORA establishes EU-wide requirements for financial firms to strengthen digital operational resilience, safeguard against cyber threats, and ensure the continuity of critical services under stress.

EU Whistleblower Directive

Requires EU organizations to provide secure reporting channels and protect whistleblowers from retaliation when reporting breaches of Union law.

ISO
27001

ISO/IEC 27001 sets a global standard for information security management systems, helping organizations protect the confidentiality, integrity, and availability of their corporate data.

Maine Privacy Act

The Maine Privacy Act mandates ISPs to safeguard customer personal information, prohibiting unauthorized sales, disclosures, or access without customer consent.

Nevada Privacy Act

The Nevada Privacy Act allows consumers to opt out of the sale of their personal information, offering expanded privacy rights and protections against unauthorized data use.

NIST CMMC

The Cybersecurity Maturity Model Certification (CMMC) establishes cybersecurity standards for U.S. defense contractors to protect controlled unclassified information across the defense industrial base.

NIST CSF

The NIST Cybersecurity Framework (CSF) provides structured guidance for managing cybersecurity risks, focusing on identification, protection, detection, response, and recovery activities across organizations.

NIST SP 800-53

NIST SP 800-53 outlines comprehensive security and privacy controls to protect federal information systems and support risk management across a range of industries.

NIST SP 800-66

NIST SP 800-66 offers a framework for HIPAA-covered entities to secure electronic protected health information (ePHI) and comply with regulatory health data protections.

SEC Climate Disclosures Rule

The SEC Climate Disclosure Rule requires U.S. companies to publicly report climate-related risks, greenhouse gas emissions, and the financial impacts of environmental factors on their business.

Sarbanes-Oxley Act (SOX)

The Sarbanes-Oxley Act enforces corporate financial transparency through strict recordkeeping, internal controls, and reporting practices to deter fraud and protect investors.

SIG Lite

SIG Lite is a standardized questionnaire used to assess third-party vendor risks, helping organizations streamline compliance and evaluate cybersecurity, privacy, and operational safeguards.