
ISO 27001
International Standard for Information Security Management
Helps organizations systematically manage sensitive data, ensuring confidentiality, integrity, and availability through an Information Security Management System (ISMS).

SOC (System and Organization Controls)
Assurance Reports for Service Organizations
Primarily SOC 2 & SOC 3, these reports evaluate how service providers manage data with a focus on security, availability, processing integrity, confidentiality, and privacy.

PCI DSS (Payment Card Industry Data Security Standard)
Security Standard for Card Payment Data
A global standard designed to protect cardholder data by enforcing strong access control, encryption, monitoring, and secure system maintenance for any entity that handles credit card transactions.

NIST (National Institute of Standards and Technology)
Cybersecurity Framework and Guidelines
A U.S. government-backed set of best practices, including the NIST Cybersecurity Framework (CSF) and SP 800 series, to improve organizational cybersecurity posture through risk assessment, protection, detection and response.

GDPR (General Data Protection Regulation)
EU Data Protection and Privacy Law
Ensures personal data of EU residents is handled with transparency, accountability, and privacy by design. Enforces strict consent, data breach notification, and cross-border data transfer requirements.

HIPAA (Health Insurance Portability and Accountability Act)
Healthcare Data Privacy Regulation (USA)
Protects sensitive patient health information (PHI) from being disclosed without the patient’s consent. Applies to healthcare providers, insurers, and vendors handling health data.

CSA (Cloud Security Alliance)
Best Practices for Cloud Security
The CSA Cloud Controls Matrix (CCM) and STAR certification help assess and improve the security capabilities of cloud service providers and users, focusing on data protection, governance, and compliance in cloud environments.

CIS (Center for Internet Security)
Benchmarks for Secure System Configuration
A globally recognized set of best-practice security configuration guides for various systems (OS, cloud, apps) that helps organizations strengthen their cyber hygiene and reduce attack surfaces.