NIST CSF

The Cybersecurity Framework (CSF) is a set of cybersecurity best practices and recommendations from the National Institute of Standards and Technology (NIST). The CSF makes it easier to understand cyber risks and improve your defences. Organisations around the world use it to make better risk-based investment decisions.

ISO 27001:2022

 ISO/IEC 27001:2022 is the international standard for information security. It outlines the specifications for an effective Information Security Management System (ISMS). ISO 27001’s best-practice approach helps organisations manage their information security by addressing people, processes and technology. Certification to the ISO 27001 standard is recognised worldwide to indicate that your ISMS is aligned with information security best practices.

GDPR

General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy in the European Union and European Economic Area. GDPR compliance means an organisation that falls within the scope of the data protection and privacy requirements for properly handling personal data as defined in the law. The GDPR outlines certain obligations organisations must follow, which limit how personal data can be used.

SOC (I and II)

System and Organization Controls 1, or SOC 1, aims to control objectives within a SOC 1 process area and documents internal controls relevant to an audit of a user entity’s financial statements.

SOC 2 (System and Organization Controls 2), pronounced “sock two,” is a voluntary compliance standard for ensuring that service providers properly manage and protect sensitive data in their care. SOC 2 offers a structure for auditing and reporting on the internal controls that an organisation has put into place to ensure the security, availability, processing integrity, confidentiality and privacy of the data.