692 Compliance Frameworks

Title 21 Code of Federal Regulations Part 211 establishes the minimum current good manufacturing practice (cGMP) requirements for the preparation of drug products (finished pharmaceuticals) for administration to humans or animals. Covers all aspects of pharmaceutical manufacturing from personnel and facilities to production controls and record keeping.

57 controls11 domains

21 CFR Part 58 — Good Laboratory Practice (GLP)

TelecommunicationsInternational (3GPP)

Title 21 Code of Federal Regulations Part 58 establishes Good Laboratory Practice (GLP) regulations for nonclinical laboratory studies supporting applications for research or marketing permits for FDA-regulated products. Covers organization, facilities, equipment, testing operations, records, and reporting requirements to ensure the quality and integrity of safety data..

31 controls7 domains

3GPP 5G Security Architecture (TS 33.501)

3GPP Technical Specification 33.501 defines the security architecture and procedures for 5G Systems. Covers authentication, key management, security between network functions, and user plane security.

28 controls8 domains

3GPP Security

TelecommunicationsInternational

3GPP Telecommunications Security Specifications.

31 controls6 domains

3GPP Security Architecture (TS 33.501 — 5G Security)

TelecommunicationsInternational (3GPP)

3GPP TS 33.501 specifies the security architecture and procedures for 5G systems. It defines security features for authentication, key management, confidentiality, integrity protection, and network domain security in 5G networks.

22 controls5 domains

AASB S2 Climate-related Disclosures

PrivacyUnited States (AICPA)

Australian Accounting Standards Board Standard S2 requires entities to disclose climate-related risks and opportunities. Based on IFRS S2 issued by the ISSB.

39 controls3 domains

AICPA Privacy Management Framework (PMF)

The AICPA Privacy Management Framework (PMF) provides a comprehensive framework for CPA practitioners and organisations to manage and report on privacy risk. It builds on the Generally Accepted Privacy Principles (GAPP) and SOC 2 Trust Services Criteria for Privacy.

31 controls9 domains

AICPA SOC 1

Service Organization Controls for financial reporting.

AICPA SOC 3

Trust Services Criteria for general use reporting.

Information SecurityFrance

AML/CTF Act 2006 (Australia)

OtherAustralia

The Anti-Money Laundering and Counter-Terrorism Financing Act 2006 (Cth) establishes a regulatory framework requiring Australian businesses providing designated services to identify, mitigate and manage money laundering and terrorism financing risks. Administered by AUSTRAC..

41 controls4 domains

ANSSI Cybersecurity Framework

French National Cybersecurity Agency framework.

32 controls6 domains

APEC Cross-Border Privacy Rules (CBPR) System

PrivacyAsia-Pacific (APEC)

The APEC Cross-Border Privacy Rules (CBPR) System is a voluntary accountability-based framework for facilitating cross-border data flows among APEC economies while protecting personal information. Participating companies self-certify compliance with programme requirements, verified by APEC-recognised accountability agents.

24 controls5 domains

API 1164

Pipeline SCADA Security for petroleum and natural gas.

24 controls5 domains

APPI

OtherJapan

Act on Protection of Personal Information (Japan).

29 controls5 domains

APRA CPS 220 Risk Management

Australian Prudential Regulation Authority Prudential Standard CPS 220 sets out requirements for APRA-regulated entities to have an effective risk management framework, including the Board's responsibility for risk oversight, a Chief Risk Officer, and the 'three lines of defence' model. Applies to ADIs, insurers, and RSE licensees..

8 controls2 domains

APRA CPS 230 Operational Risk Management

Australian Prudential Regulation Authority Prudential Standard CPS 230 sets out requirements for APRA-regulated entities to effectively manage operational risks, maintain business continuity, and manage risks from service provider arrangements. Effective 1 July 2025..

43 controls4 domains

APRA CPS 234

GovernmentAustralia

Australian Prudential Regulation Authority Information Security Standard.

Information SecurityAustralia (APRA)

APRA Prudential Standard CPS 234 — Information Security (Australia)

APRA Prudential Standard CPS 234 (effective July 2019) establishes information security requirements for APRA-regulated entities in Australia: authorised deposit-taking institutions (banks), general insurers, life insurance companies, private health insurers, and registrable superannuation entity (RSE) licensees. CPS 234 requires entities to maintain an information security capability commensurate with the size and extent of threats to their information assets.

19 controls5 domains

APRA SPS 220 Risk Management (Superannuation)

Quality ManagementInternational (Aerospace)

Australian Prudential Regulation Authority Prudential Standard SPS 220 sets out risk management requirements specifically for RSE licensees (superannuation trustees). It requires RSE licensees to maintain a Board-approved risk management framework covering material risks to the business operations and to the interests of beneficiaries..

16 controls5 domains

AS9100D — Aerospace Quality Management System

AS9100D (SAE International) is the aerospace quality management system standard based on ISO 9001:2015 with additional aerospace-specific requirements. It addresses the unique quality, safety, and reliability requirements of the aviation, space, and defense industries.

57 controls7 domains

AS9100D:2016 — Quality Management Systems for Aviation, Space, and Defence

Risk ManagementInternational (IAQG/SAE)

AS9100D:2016 (equivalent to EN 9100:2018 in Europe) is the quality management system standard for the aviation, space, and defence (AS&D) industry. Based on ISO 9001:2015 with additional AS&D-specific requirements.

38 controls6 domains

ASD Essential Eight Maturity Model

OtherAustralia

Defines four maturity levels (0-3) for each of the ASD Essential Eight mitigation strategies, with specific ISM control requirements at each level. Published by the Australian Signals Directorate..

57 controls8 domains

ASD Information Security Manual (ISM)

Information SecurityAustralia

The Australian Signals Directorate Information Security Manual is the Australian Government's primary cyber security framework. It provides a comprehensive set of cyber security principles and guidelines for protecting systems and data at all classification levels.

136 controls14 domains

ASD Strategies to Mitigate Cyber Security Incidents

OtherAustralia

A prioritised list of 37 mitigation strategies published by the Australian Signals Directorate to help organisations protect themselves against cyber threats. The Essential Eight is a subset of these strategies..

37 controls5 domains

ASEAN Data Management Framework

OtherASEAN

The ASEAN Data Management Framework provides a common framework for ASEAN member states to harmonize data governance across the region. It covers data lifecycle management, cross-border data flows, data protection measures, and organizational accountability.

39 controls7 domains

ASEAN Guide on AI Governance and Ethics

AI & TechnologyASEAN

The ASEAN Guide on AI Governance and Ethics provides a practical framework for ASEAN member states and organizations to deploy AI responsibly. Based on principles of transparency, fairness, security, accountability, and human-centricity, it provides guidance for both AI developers and deployers.

17 controls3 domains

ASIC Cyber Resilience Good Practices

GovernmentAustralia

The Australian Securities and Investments Commission sets expectations for cyber resilience of regulated entities in the financial services sector. Based on ASIC Report 429 (2015) and Report 716 (2022), it outlines good practices for boards and management in managing cyber security risks.

22 controls5 domains

ASIS SPC.1-2009 — Organizational Resilience Standard

OtherUnited States (ASIS/ANSI)

ASIS SPC.1-2009 (Organizational Resilience: Security, Preparedness, and Continuity Management Systems — Requirements with Guidance for Use) is an American National Standard that establishes requirements for a management system to enhance organizational resilience. Published by ASIS International, it integrates security management, emergency management, and business continuity into a unified resilience management system.

22 controls6 domains

AWS Well-Architected Security Pillar

OtherInternational

Amazon Web Services security best practices framework.

Information SecurityUnited States (AWWA)

AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)

The American Water Works Association (AWWA) provides comprehensive cybersecurity guidance for water and wastewater utilities. Key publications include: AWWA Cybersecurity Risk & Responsibility in the Water Sector (2019), Process Control System Security Guidance for the Water Sector, and collaboration with WaterISAC.