Regulatory compliance

Quick-reference summaries of the standards and regulations that drive most security programs.

ISO 27001

ISO/IEC 27001:2022
International · Information security management

Globally recognized standard for establishing, operating, and continually improving an information security management system (ISMS); certification is issued by accredited third-party auditors against the Annex A control set.

ISO 42001

ISO/IEC 42001:2023
International · AI management system

First international management system standard for responsible AI governance.

SOC 2

AICPA SOC 2 Type I / II
USA / global adoption · System and Organization Controls

Attestation report by an independent CPA firm on controls relevant to the Trust Services Criteria: security (required), plus availability, confidentiality, processing integrity, and privacy as selected. Type I covers control design at a point in time; Type II also tests operating effectiveness over a review period.

GDPR

EU General Data Protection Regulation (Regulation (EU) 2016/679)
European Union · Personal data protection

Comprehensive EU regulation governing processing of personal data and the rights of data subjects.

CCPA

California Consumer Privacy Act, as amended by the California Privacy Rights Act (CPRA)
California, USA · Consumer privacy rights

Privacy law granting California residents rights over their personal information.

HIPAA

Health Insurance Portability and Accountability Act
USA · Protected health information

US law whose Privacy and Security Rules set standards for protected health information (PHI) handled by covered entities and their business associates.

PCI DSS

Payment Card Industry Data Security Standard v4.0
Global · Cardholder data security

Required controls for any organization that stores, processes, or transmits cardholder data.

CMMC

Cybersecurity Maturity Model Certification 2.0
USA (DoD supply chain) · Defense contractor cybersecurity

Tiered certification program for Department of Defense contractors and subcontractors that handle Federal Contract Information (FCI) or Controlled Unclassified Information (CUI).

EU AI Act

Regulation (EU) 2024/1689
European Union · Risk-based regulation of AI systems

Widely described as the first comprehensive AI law; it classifies AI systems by risk tier and imposes obligations that scale with that tier, from outright prohibition to transparency duties.