Security Compliance and Frameworks

SOC 2

Emphasizes the importance of service providers securely handling and safeguarding user data to uphold trust and transparency.

PCI DSS v4.0

Aims to protect credit card data by implementing robust controls designed to prevent fraud and unauthorized transactions.

ISO 27001:2022

Defines the requirements for establishing, implementing, maintaining, and continuously improving an information security management system (ISMS).

DORA

The Digital Operational Resilience Act strengthens the ability of EU financial entities to withstand and respond to ICT-related incidents.

ISO 27001:2013

Offers a structured approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability.

NIS 2 Directive

An EU directive aimed at strengthening the security of network and information systems across member states.

NIST CSF v1.1

Offers a structured framework for managing and mitigating cybersecurity risks through a set of guidelines and best practices.

NIST CSF 2.0

An updated framework offering guidelines for managing and mitigating cybersecurity risks, featuring enhanced capabilities and improvements for better security management.

CSA STAR

The Cloud Security Alliance's cloud assurance program, offering multiple certification levels to verify and validate the security practices of cloud service providers.

ISO 9001:2015

Establishes standards for a quality management system (QMS) to ensure the consistent delivery of high-quality products and services.

ISO 20000-1:2018

Defines standards for organizations to establish, implement, maintain, and continuously improve a service management system (SMS).

NYDFS 23 NYCRR 500

Requires financial institutions to implement comprehensive cybersecurity programs to safeguard customer information and ensure data protection.

MAS TRM 2021

The Monetary Authority of Singapore's Technology Risk Management guidelines for financial institutions operating in Singapore, aimed at mitigating technology-related risks and enhancing operational resilience.

ISR V2

Establishes security requirements for safeguarding sensitive information in specific sectors, as mandated by the Dubai government.

RBI CSF

The Reserve Bank of India's Cyber Security Framework requires banks to adopt security measures to defend against cyber threats and ensure the resilience of their IT systems.

ISO 27017:2015

Offers guidelines for implementing information security controls specifically tailored to the provision and use of cloud services.

SAMA Minimum Verification Controls

Baseline cybersecurity controls required for financial institutions in Saudi Arabia.

TISAX V5.1

The Trusted Information Security Assessment Exchange standard for ensuring information security within the automotive industry.

GDPR

The European Union’s regulation designed to protect the data privacy and rights of EU citizens, influencing how organizations globally manage and process personal data.

ISO 27701

Defines requirements for a Privacy Information Management System (PIMS) to manage personal data, applicable to both data controllers and data processors.

HIPAA

Requires healthcare providers and their partners to protect patient health information, ensuring its confidentiality and integrity.

CCPA

California’s consumer privacy law that grants residents specific rights over their personal information and imposes obligations on businesses that collect, process, or share such data.

PIPEDA

The Personal Information Protection and Electronic Documents Act regulates how personal information is handled and used in Canada.

PDPA Singapore

The Personal Data Protection Act regulates the collection, use, and disclosure of personal data in Singapore to ensure privacy and protection.

NIST 800-171A

Offers detailed guidelines and best practices for federal agencies to safeguard their information systems and control sensitive data.

NIST 800-171 Revision 2

Defines security requirements for safeguarding Controlled Unclassified Information (CUI) in non-federal systems and organizations, ensuring its confidentiality and protection.

NIST 800-53 Revision 5

Offers a comprehensive catalog of security and privacy controls for federal information systems and organizations, aimed at enhancing their security and privacy posture.

RBI DPSC

Emphasizes the protection of financial data and the enforcement of privacy standards within the banking sector.

DPDPA

The Data Protection and Privacy Act mandates the protection and responsible handling of personal data in India, ensuring individuals' privacy rights are upheld.

Custom Frameworks

Use Auditious to create custom frameworks to meet your unique compliance requirements.