Regulations Covered by Anove
Our platform supports a wide range of industry regulations and frameworks. This list highlights the standards we cover. Anove is designed to help you navigate these frameworks effectively.
NIS2
2024 | Regulation
The NIS 2 Directive is a key piece of EU legislation designed to enhance cybersecurity across the European Union. Officially known as Directive (EU) 2022/2555, it builds upon and replaces the original Network and Information Systems (NIS) Directive. NIS 2 aims to address security gaps that have emerged due to technological advancements and increasing cyber threats. It broadens the scope of sectors and entities affected, including essential and important entities, such as providers of public electronic communications networks or services, digital services, and critical sectors like energy, transport, banking, and health. The directive mandates these entities to implement stringent cybersecurity measures, report major incidents, and adhere to stricter supervisory measures, including more rigorous enforcement requirements and potential sanctions for non-compliance.
Public
ISO27001:2022
2022 | Standard
ISO/IEC 27001:2022 is an international standard that specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). This standard is part of the ISO/IEC 27000 family of standards, which are globally recognized for providing best practices in information security. The 2022 revision of ISO 27001 includes updates to reflect the latest trends in information security and technological advancements. It provides a systematic approach to managing sensitive company information, ensuring it remains secure. This includes assessing and mitigating information security risks, safeguarding data from unauthorized access, and ensuring the integrity and availability of data. The standard is designed to be applicable to organizations of all types and sizes, emphasizing a risk management process that is integral to business processes and information security.
Public
DORA
2023 | Regulation
The Digital Operational Resilience Act (DORA), adopted by the European Union in 2022, aims to enhance the cybersecurity and resilience of financial institutions across the bloc. It establishes a comprehensive set of requirements for organizations operating in the financial sector, including banks, insurance companies, and investment firms, to ensure their IT systems can withstand and recover from cyberattacks and other disruptions. DORA mandates robust risk management practices, incident reporting protocols, and regular testing of operational resilience capabilities. The regulation also places emphasis on the assessment and mitigation of third-party IT risks, recognizing the critical role of external service providers in the financial ecosystem. DORA's effective implementation is expected to strengthen the resilience of the EU's financial sector and protect its critical infrastructure from digital threats.
Public
ISO27001 Annex A
2022 | Standard
ISO 27001 Annex A is a crucial component of the internationally recognized ISO/IEC 27001 standard for Information Security Management Systems (ISMS). It provides a comprehensive catalogue of 93 information security controls, organized into four themes: Organisational, People, Physical, and Technological controls. These controls are not mandatory in their entirety; rather, organizations select and implement relevant controls based on their specific risk assessment and treatment process, as documented in their Statement of Applicability. Annex A serves as a practical reference guide, helping organizations to identify and apply appropriate measures to protect the confidentiality, integrity, and availability of their information assets, thereby addressing a wide array of potential security threats and vulnerabilities.
Public
GDPR
2018 | Regulation
The EU General Data Protection Regulation (GDPR), implemented in May 2018, is a comprehensive data privacy law applying to businesses handling personal data of European Union (EU) residents. It mandates transparent and lawful data processing, limiting data collection to necessary purposes, ensuring accuracy, and enforcing data security. The GDPR grants individuals rights over their data and requires organizations to promptly report breaches. Non-compliance may result in substantial fines. Its primary goal is to protect individuals' privacy by setting stringent standards for the processing of personal data within and outside the EU.
Public
ISO27701:2019
2019 | Standard
ISO 27701, an extension of ISO 27001, establishes a framework for managing personally identifiable information (PII) and complying with privacy regulations. It helps organizations protect PII, reduce data breach risks, enhance compliance, and gain customer trust.
Under license
ISO37001:2016
2016 | Standard
ISO 37001, an international standard, establishes a framework for preventing, detecting, and addressing bribery within organizations. It helps organizations implement effective anti-bribery controls, enhance compliance, and protect their reputation.
Under license
NIST SP 800-53r5
Revision 5 | Standard
NIST SP 800-53r5, a comprehensive guide from the National Institute of Standards and Technology, provides organizations with a catalog of security and privacy controls to protect their systems, data, and assets from threats. It is widely used by organizations of all sizes and helps them achieve compliance with relevant laws and regulations. Implemented controls significantly reduce the risk of cyberattacks and data breaches, enhancing the organization's security and privacy posture.
Public
CyFun Essential
Essential | Framework
CyberFundamentals is a comprehensive framework developed by the Belgian Centre for Cybersecurity (CCB) to help organizations of all sizes implement basic cybersecurity measures and improve their overall cyber resilience. It consists of 12 essential practices that focus on protecting data, reducing the risk of common cyberattacks, and enhancing overall cybersecurity posture. Organizations can assess their current cybersecurity maturity against the CyberFundamentals framework and take steps to adopt the required measures.
Public
CyFun Basic
Basic | Framework
CyberFundamentals is a comprehensive framework developed by the Belgian Centre for Cybersecurity (CCB) to help organizations of all sizes implement basic cybersecurity measures and improve their overall cyber resilience. It consists of 12 essential practices that focus on protecting data, reducing the risk of common cyberattacks, and enhancing overall cybersecurity posture. Organizations can assess their current cybersecurity maturity against the CyberFundamentals framework and take steps to adopt the required measures.
Public
CyFun Important
Important | Framework
CyberFundamentals is a comprehensive framework developed by the Belgian Centre for Cybersecurity (CCB) to help organizations of all sizes implement basic cybersecurity measures and improve their overall cyber resilience. It consists of 12 essential practices that focus on protecting data, reducing the risk of common cyberattacks, and enhancing overall cybersecurity posture. Organizations can assess their current cybersecurity maturity against the CyberFundamentals framework and take steps to adopt the required measures.
Public
ISO27701:2019 A & B
2019 | Standard
ISO 27701, an extension of ISO 27001, establishes a framework for managing personally identifiable information (PII) and complying with privacy regulations. It helps organizations protect PII, reduce data breach risks, enhance compliance, and gain customer trust.
Public
NOREA PCF
1.0 | Framework
The NOREA Guide Privacy Control Framework (PCF) provides an internationally recognized privacy control framework based on a lifecycle model. It consists of 9 phases and 32 topics, including identifying and classifying personal data, risk assessment, accountability, access control, and data breach notification. The PCF helps IT auditors assess the privacy control measures implemented by organizations and identify any gaps or weaknesses.
Public
EU AI Act
Draft | Regulation
The EU AI Act is a proposed law regulating artificial intelligence (AI) in the EU, aiming to ensure responsible and trustworthy AI. It categorizes AI systems into four risk levels, with high-risk systems requiring strict compliance. These requirements include risk assessment, transparency, human oversight, non-discrimination, and due diligence. The act aims to promote innovation while safeguarding fundamental rights and ethical principles.
Public
US AI Act
Draft | Regulation
The US AI Bill of Rights is a non-binding set of principles to guide the development and use of artificial intelligence (AI) in the US. The principles focus on ensuring that AI is developed and used in a way that is beneficial to humanity, fair and non-discriminatory, understandable and transparent, accountable and overseen, and under human control. The Bill of Rights is a significant step in the development of an ethical framework for AI, and it is important to continue to work towards implementing these principles in practice.
Public
SWIFT-CSP A1
Framework
SWIFT's Customer Security Programme (CSP) is a framework designed to protect the financial messaging network from cyberattacks. In architecture A1, the organization connects directly to SWIFT without intermediaries and retains full responsibility for security.
Public
SWIFT-CSP A2
Framework
SWIFT's Customer Security Programme (CSP) is a framework designed to protect the financial messaging network from cyberattacks. In architecture A2, the organization connects through a Service Bureau that is responsible for some of the security controls, reducing your burden but sharing accountability.
Public
SWIFT-CSP A3
Framework
SWIFT's Customer Security Programme (CSP) is a framework designed to protect the financial messaging network from cyberattacks. In architecture A3, the organization connects through a VAN that provides additional services and manages most of the security.
Public
SWIFT-CSP A4
Framework
SWIFT's Customer Security Programme (CSP) is a framework designed to protect the financial messaging network from cyberattacks. In architecture A4, the organization connects with a limited SWIFT message exchange using secure file transfers.
Public
SWIFT-CSP B
Framework
SWIFT's Customer Security Programme (CSP) is a framework designed to protect the financial messaging network from cyberattacks. In architecture B, the organization connects through a specific partner bank with limited message types and shared security responsibilities.
Public
NIST CSF
Framework
The NIST Cybersecurity Framework provides voluntary, flexible guidance to manage cyber risks. Choose from 5 essential functions (Identify, Protect, Detect, Respond, Recover) and 3 maturity tiers (basic, intermediate, advanced) to build a customized cybersecurity plan.
Public
NIST PF
Framework
The NIST Privacy Framework offers a voluntary, adaptable roadmap for organizations of all sizes to identify, manage, and reduce privacy risks. Built on five core principles (Identify, Assess, Mitigate, Respond, Inform), it helps you tailor privacy practices to your specific context, industry, and maturity level. Choose relevant activities and controls to proactively build trust, improve compliance, and gain a competitive edge in the evolving privacy landscape.
Public
CCPA
Regulation
California's CCPA empowers residents to control their personal data. Businesses must disclose data practices, respond to access/deletion requests, and protect data. Residents can: know what's collected and sold, access their data, request deletion, and opt-out of data selling.
Public
BIO 2.0
2.3 | Regulation
BIO 2.0 is the successor to the Baseline Informatiebeveiliging Overheid (BIO), which was introduced in 2017. The BIO 2.0 is a set of standards and requirements to ensure information security within the Dutch government. It focuses on increasing resilience against cyber attacks and protecting sensitive data. It is primarily based on ISO 27001/2.
Public
WPG
2023 | Regulation
The Police Data Act (WPG) is a Dutch law regulating the processing of personal data by the police. The law aims to protect citizens' privacy while providing the police with the information they need to carry out their duties.
Public
BIO1.04
1.04 | Standard
The Baseline Informatiebeveiliging Overheid (BIO) is a set of standards and requirements to ensure information security within the Dutch government. It focuses on increasing resilience against cyber attacks and protecting sensitive data.
Public
ISAE3402
1.0 | Standard
One of the most commonly outsourced functions is transaction processing. To provide stakeholders with increased transparency into the financial controls within the transaction processing, PwC can prepare an ISAE 3402 report. This report is designed to address internal controls over financial reporting. PwC’s ISAE 3402 engagement provides independent assurance on controls over processes related to financial reporting that have been outsourced to a third party. This report is restricted-use and contains a detailed description of the auditor’s tests of controls and results. Having an ISAE 3402 report increases stakeholder confidence and drives competitive advantage.
Public
NIST AI RMF
1.0 | Framework
The National Institute of Standards and Technology (NIST) developed the AI Risk Management Framework (AI RMF) to help organizations manage risks associated with Artificial Intelligence (AI) systems. It's voluntary and focuses on incorporating trustworthiness into the entire AI lifecycle, from design and development to use and evaluation. The core of the AI RMF outlines four functions: Govern, Map, Measure, and Manage. These functions help organizations discuss, understand, and take action to manage AI risks and build responsible AI systems.
Public
WDO
March 24, 2023 | Regulation
The Wet digitale overheid (WDO), or Digital Government Act, aims to make interacting with Dutch public services safe and reliable. This means citizens and businesses will have electronic identification methods (eIDs) with high security levels. The law also requires open standards and allows for both public and private login methods, as long as they meet European security requirements. Overall, the WDO is modernizing how people access Dutch government services online.
Public
WDTM
3.0 | Standard
WDTM has developed the Ketenkeurmerk Personenalarmering (the quality mark for the personal alarm service chain). With this quality mark, all parties involved in the chain of personal alarm services, including suppliers, installers, care call centres, alarm responders and providers, work from a single leading process model. This optimises processes and safeguards quality, resulting in the highest possible reliability for the end user.
Public
HDS
2 | Framework
Pursuant to Article R1111-10 of the French Public Health Code, the HDS certification framework (hereinafter referred to as “requirements framework” or “framework”) defines the requirements that a Host must meet in order to obtain certification as a Health Data Host.
Public
SecNumCloud
3.2 | Framework
Developed by the Agence nationale de la sécurité des systèmes d'information (ANSSI), the SecNumCloud framework sets out a body of security rules whose observance guarantees a high level of assurance from a technical, operational and legal point of view. On the one hand, providers offering cloud computing services must demonstrate sound IT hygiene; on the other hand, data must be protected in accordance with European law.
Public
CIS CSC
8.0 | Framework
The CIS Critical Security Controls (CIS Controls) are a prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your cybersecurity posture. Today, thousands of cybersecurity practitioners from around the world use the CIS Controls and/or contribute to their development via a community consensus process.
Public
SOC 2
2022 | Framework
Service Organization Control (SOC) 2 is a framework developed by the American Institute of CPAs (AICPA) for managing customer data based on five "Trust Service Criteria" (TSC): Security, Availability, Processing Integrity, Confidentiality, and Privacy. SOC 2 reports are intended for use by service organizations to demonstrate that they are managing data securely to protect the interests and privacy of their clients.
Under license
ISO9001
2015 | Standard
The adoption of a quality management system is a strategic decision for an organization that can help to improve its overall performance and provide a sound basis for sustainable development initiatives. The potential benefits to an organization of implementing a quality management system based on this International Standard are: a) the ability to consistently provide products and services that meet customer and applicable statutory and regulatory requirements; b) facilitating opportunities to enhance customer satisfaction; c) addressing risks and opportunities associated with its context and objectives; d) the ability to demonstrate conformity to specified quality management system requirements. This International Standard can be used by internal and external parties. It is not the intent of this International Standard to imply the need for: — uniformity in the structure of different quality management systems; — alignment of documentation to the clause structure of this International Standard; — the use of the specific terminology of this International Standard within the organization. The quality management system requirements specified in this International Standard are complementary to requirements for products and services.
Under license
PCI DSS
5 | Standard
The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance payment card account data security and facilitate the broad adoption of consistent data security measures globally. PCI DSS provides a baseline of technical and operational requirements designed to protect account data. While specifically designed to focus on environments with payment card account data, PCI DSS can also be used to protect against threats and secure other elements in the payment ecosystem.
Public
EU AI Act
Final | Regulation
As part of its digital strategy, the EU wants to regulate artificial intelligence (AI) to ensure better conditions for the development and use of this innovative technology. AI can create many benefits, such as better healthcare; safer and cleaner transport; more efficient manufacturing; and cheaper and more sustainable energy. In April 2021, the European Commission proposed the first EU regulatory framework for AI. It says that AI systems that can be used in different applications are analysed and classified according to the risk they pose to users. The different risk levels will mean more or less regulation.
Public
COBIT 5
2019 | Framework
The COBIT 5 framework provides an end-to-end business view of the governance of enterprise IT that reflects the central role of information and technology in creating value for enterprises. The principles, practices, analytical tools and models found in COBIT 5 embody thought leadership and guidance from business, IT and governance experts around the world.
Public