Framework Deepdive

Explore in-depth guides to the industry’s leading security frameworks broken down into practical requirements, controls, and implementation steps to help you build a compliant, audit-ready organization.

ISO/IEC 27001:2022

The international information security management system standard.

Read deepdive →

ISO/IEC 27701

Privacy Information Management System extension to ISO 27001.

Read deepdive →

ISO/IEC 42001:2023

First international AI management system standard.

Read deepdive →

SOC 2

Trust Services Criteria attestation for service organizations.

Read deepdive →

SOC 1

Financial reporting controls report for service organizations.

Read deepdive →

PCI DSS

Payment Card Industry Data Security Standard.

Read deepdive →

GDPR

EU general data protection regulation and accountability framework.

Read deepdive →

HIPAA

US health information privacy and security rules.

Read deepdive →

EU AI Act

First horizontal AI regulation under EU Regulation 2024/1689.

Read deepdive →

FedRAMP

Authorization for cloud services to US federal agencies.

Read deepdive →

CMMC / NIST SP 800-171

DoD cybersecurity certification for the Defense Industrial Base.

Read deepdive →

BSI C5

German federal cloud assurance criteria catalogue.

Read deepdive →

DORA

EU Digital Operational Resilience Act for ICT third-party providers to financial entities.

Read deepdive →

NIS 2

EU cybersecurity directive with explicit supply-chain security obligations.

Read deepdive →