Framework catalog
Assess your organization against internationally recognized standards and regulations. Frameworks marked Ready can be assessed right now; others are being added.
Information Security
The international standard for an Information Security Management System (ISMS), including the Annex A control set.
Implementation guidance for the information security controls referenced by ISO 27001 Annex A.
A prioritized set of safeguards to mitigate the most prevalent cyber-attacks.
Outcome-based cybersecurity framework across the Govern, Identify, Protect, Detect, Respond and Recover functions.
Catalog of security and privacy controls for information systems and organizations.
Maturity model to evaluate and improve cybersecurity capabilities.
Baseline technical controls to protect against common internet-based threats.
Privacy
Extension to ISO 27001/27002 for a Privacy Information Management System (PIMS).
EU regulation on data protection and privacy for individuals.
India's law governing the processing of digital personal data — consent, data-principal rights and obligations.
US regulation for protecting sensitive patient health information (PHI).
California law granting consumers rights over their personal information.
AI Governance
Management-system standard for the responsible governance of artificial intelligence.
Framework to manage risks of AI across the Govern, Map, Measure and Manage functions.
Assurance
Report on controls relevant to Security, Availability, Processing Integrity, Confidentiality and Privacy over a period.
Report on controls at a service organization relevant to user entities' financial reporting.
General-use summary report of SOC 2 trust services criteria.
Payment Security
Security standard for organizations that handle branded credit cards.
Self-Assessment Questionnaire for fully outsourced card-not-present merchants.
SAQ for e-commerce merchants who partially outsource payment processing.
SAQ for merchants and service providers not covered by other SAQ types.
SAQ for merchants with payment application systems connected to the internet.
SAQ for merchants using only imprint machines or standalone dial-out terminals.
Business Continuity
Management-system standard for business continuity.
Service Management
Requirements for an IT service management system (SMS).
Compliance
Management-system standard for a compliance management system.
Management-system standard to prevent, detect and address bribery.
Sectoral Regulations
Cyber-security framework for banks and regulated entities in India.
Cyber Security and Cyber Resilience Framework for SEBI-regulated entities.
Information & cyber-security guidelines for insurers in India.
Regulatory guidelines for entities in International Financial Services Centres.
Directions on cyber-incident reporting and cyber-security practices in India.
Mandatory and advisory controls for the SWIFT financial-messaging environment.
EU regulation on digital operational resilience for the financial sector.
EU regulation on cyber-security requirements for products with digital elements.