33 Compliance Frameworks in One Platform
Privacy, healthcare, cybersecurity, governance, AI, and industry assessments — every framework your growing company needs, with ready-to-use templates and guided assessments.
Privacy & Data Protection
Personal data protection laws and privacy management standards
NDMO
National Data Management Office
Saudi Arabia's national data governance framework covering data classification, sharing, open data, and institutional data management.
PDPL
Personal Data Protection Law
Saudi Arabia's personal data protection law governing collection, processing, and transfer of personal data.
GDPR
General Data Protection Regulation
The EU's comprehensive data protection regulation governing personal data processing for EU residents.
UK GDPR
UK General Data Protection Regulation
The UK's retained version of GDPR post-Brexit, enforced by the ICO.
CCPA
California Consumer Privacy Act
California's privacy law giving consumers rights over their personal information collected by businesses.
LGPD
Lei Geral de Proteção de Dados
Brazil's general data protection law modeled after GDPR, enforced by ANPD.
ISO 27701
ISO 27701 — Privacy Information Management
Extension to ISO 27001 for privacy information management (PIMS), aligning with GDPR and other regulations.
Healthcare & Life Sciences
Regulations for medical devices, clinical trials, and healthcare data
HIPAA
Health Insurance Portability and Accountability Act
US federal law protecting sensitive patient health information from being disclosed without consent.
FDA
FDA 21 CFR Part 11
FDA regulations on electronic records and signatures in the pharmaceutical and medical device industries.
EU MDR
EU Medical Device Regulation
EU regulation governing the production and distribution of medical devices in the European market.
MHRA
MHRA Regulatory Framework
UK Medicines and Healthcare products Regulatory Agency framework for medical devices and pharmaceuticals.
GxP
Good Practice Regulations (GxP)
Quality guidelines and regulations for life sciences covering GMP, GLP, GCP, and GDP.
ICH GCP
ICH Good Clinical Practice
International standard for the design, conduct, and reporting of clinical trials involving human subjects.
ISO 13485
ISO 13485 — Medical Device QMS
Quality management system standard for organizations involved in the medical device lifecycle.
Information Security
Cybersecurity frameworks and information security management standards
Cybersecurity
NIST Cybersecurity Framework
NIST CSF for managing cybersecurity risk through Identify, Protect, Detect, Respond, and Recover functions.
ISO 27001
ISO 27001 — Information Security Management
International standard for establishing, implementing, and maintaining an information security management system (ISMS).
NCA ECC
NCA Essential Cybersecurity Controls
Saudi Arabia's National Cybersecurity Authority essential controls for critical infrastructure protection.
CIS Controls
CIS Controls v8
Prioritized set of actions to protect organizations from known cyber attack vectors.
PCI DSS
PCI DSS v4.0
Payment Card Industry Data Security Standard for organizations handling cardholder data.
CMMC
CMMC 2.0
Cybersecurity Maturity Model Certification for the US defense industrial base supply chain.
SOC 2
SOC 2
AICPA framework for managing customer data based on the Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
NIST CSF
NIST Cybersecurity Framework (Extended)
Extended NIST CSF implementation pack with additional controls and assessment guidance.
IT Governance & Risk
Enterprise governance, risk management, and business continuity standards
COBIT
COBIT 2019
ISACA's framework for governance and management of enterprise information and technology.
ITIL 4
ITIL 4
IT service management framework for delivering IT-enabled services.
ISO 31000
ISO 31000 — Risk Management
International standard providing principles and guidelines for enterprise risk management.
ISO 22301
ISO 22301 — Business Continuity
International standard for business continuity management systems (BCMS).
DORA
Digital Operational Resilience Act
EU regulation on digital operational resilience for the financial sector.
SOX
Sarbanes-Oxley Act
US federal law on corporate financial reporting, internal controls, and auditing.
AI & Emerging
Standards for artificial intelligence governance and risk management
ISO 42001
ISO 42001 — AI Management System
International standard for establishing an AI management system, addressing risks and governance of AI systems.
NIST AI RMF
NIST AI Risk Management Framework
NIST framework for managing risks associated with AI systems across the lifecycle.
Industry Assessments
Third-party assessment questionnaires and workforce frameworks
CSA CAIQ
CSA Consensus Assessments Initiative Questionnaire
Cloud Security Alliance questionnaire for assessing cloud service provider security.
SIG
Standardized Information Gathering
Shared Assessments SIG questionnaire for third-party risk assessment and vendor management.
NICE
NICE Cybersecurity Workforce Framework
NIST framework for categorizing and describing cybersecurity work and workforce requirements.
Not sure which frameworks apply to you?
Take our free 2-minute assessment and we'll tell you exactly which regulations matter for your business — and recommend the right plan.