In today’s digital landscape, implementing robust frameworks is crucial to safeguarding sensitive data and countering cyber threats. Global security, privacy and resilience frameworks help organizations uphold data protection laws, earn customer trust and maintain compliance, while also giving them the strategies and procedures needed to recover quickly from disruptions, ensuring business continuity and minimizing downtime.
Security Frameworks
ISO 27001:2022
ISO 27001:2022 is the latest version of the international standard for Information Security Management Systems (ISMS), guiding organizations in establishing and maintaining effective information security practices to protect their valuable assets and mitigate risks.
ISO 27002:2022
ISO 27001 is the international standard for information security management, and ISO 27002 is a supporting standard that gives guidance on how the information security controls can be implemented. ISO 27001 explains how companies can build a compliant ISMS, from scoping the system and developing policies to training staff; ISO 27002 focuses specifically on the controls themselves.
NIST CSF
NIST CSF (National Institute of Standards and Technology Cybersecurity Framework) is a set of guidelines, best practices, and standards that help organizations manage and improve their cybersecurity posture. It provides a common language for organizations to understand, manage, and reduce cybersecurity risks.
NIST 800-53
NIST 800-53 is a publication by the National Institute of Standards and Technology (NIST) that provides a catalog of security and privacy controls for federal information systems and organizations. It offers a comprehensive framework to help organizations manage and strengthen their security posture, addressing a wide range of security concerns and risks.
PCI DSS
PCI DSS stands for Payment Card Industry Data Security Standard. Maintained by the PCI Security Standards Council, it is a set of security requirements designed to ensure that all companies that accept, process, store, or transmit payment card data maintain a secure environment.
NIST AI RMF
NIST AI RMF (National Institute of Standards and Technology Artificial Intelligence Risk Management Framework) is a framework designed to help organizations manage risks associated with AI technologies by providing guidelines and best practices for developing, implementing, and monitoring AI systems in a secure and trustworthy manner.
ISO 27017
ISO 27017 provides guidelines for information security controls specifically tailored to the provision and use of cloud services, helping organizations ensure the security of their data and operations in the cloud environment.
SOC Framework
The SOC (System and Organization Controls) framework consists of a series of standards and criteria developed by the American Institute of Certified Public Accountants (AICPA). These standards help organizations communicate relevant information about their internal controls related to financial reporting, security, availability, processing integrity, confidentiality, and privacy.
Privacy Frameworks
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law that establishes privacy and security standards to protect patients’ medical records and other health information. It aims to ensure the confidentiality, integrity, and availability of protected health information.
EU-US Data Privacy Framework
The EU-US Data Privacy Framework, also known as the “Trans-Atlantic Data Privacy Framework,” is an arrangement between the European Union and the United States that allows personal data to flow from the EU to participating US organizations while maintaining data protection standards comparable to those in the EU, primarily in the context of transatlantic commerce, and with US commitments to safeguards on government access to that data.
GDPR
The General Data Protection Regulation (GDPR) is a comprehensive data protection law in the European Union that aims to give individuals control over their personal data and harmonize data protection regulations across EU member states.
ISO 27701
ISO 27701 is an international standard that extends ISO 27001 and ISO 27002 with requirements and guidance for a Privacy Information Management System (PIMS), helping organizations establish, maintain, and continually improve their privacy processes.
Resilience Frameworks
DORA
DORA (the EU’s Digital Operational Resilience Act) aims to create a single framework for overseeing and reducing ICT risk within the financial sector by harmonizing risk management requirements across the EU, thereby eliminating discrepancies, duplication, and conflicts among the rules of individual member states.
The Global Resilience Federation (GRF)
The Global Resilience Federation (GRF) facilitates cyber threat intelligence sharing among members, enhancing cyber resilience and security across sectors.
United Nations Office for Disaster Risk Reduction (UNDRR)
The United Nations Office for Disaster Risk Reduction (UNDRR) is the UN body focused on promoting policies and practices to reduce disaster risk and build resilience worldwide. It works with governments, organizations, and communities to improve preparedness, response, and recovery efforts and to mitigate the impact of disasters.
ISO 22320:2018
ISO 22320:2018 is an international standard titled “Security and resilience – Emergency management – Guidelines for incident management.” It provides guidelines for organizations to manage incidents effectively by establishing processes for preparedness, response, and recovery. The standard aims to enhance the resilience of organizations and communities to a wide range of emergencies and disasters.
ISO 28000:2022
ISO 28000:2022 was developed to standardize security management within the broader supply chain. The 2022 edition follows the harmonized structure shared by other management system standards, bringing it into alignment with related standards such as ISO 9001, ISO 14001 and, in particular, ISO 22301:2019.
ISO 31000:2018
ISO 31000:2018 is an international standard titled “Risk management – Guidelines.” It provides principles, a framework, and a process for managing risk effectively within organizations. The standard helps organizations identify, assess, treat, and monitor risks in a systematic and comprehensive manner, improving their ability to make informed decisions and achieve their objectives.
ISO 22301:2019
ISO 22301:2019 is an international standard titled “Security and Resilience – Business Continuity Management Systems – Requirements.” It provides a framework for organizations to establish, implement, maintain, and continually improve a business continuity management system (BCMS). This standard helps organizations ensure the continuity of their critical functions and services during and after disruptions such as natural disasters, IT failures, or other incidents.
ISO 22313:2020
ISO 22313:2020 is an international standard titled “Security and resilience – Business continuity management systems – Guidance on the use of ISO 22301.” It provides detailed guidance on implementing the principles and requirements specified in ISO 22301, the standard for Business Continuity Management Systems (BCMS). ISO 22313 helps organizations plan, establish, operate, and improve their business continuity management systems to enhance resilience against disruptions and ensure continuity of critical functions and services.