Regulations and Standards
We share the regulations, standards and best practices we follow.
Regulations
Data security regulations are standards set by regulatory bodies or the government that guide organizations towards protecting the confidentiality, integrity, and availability of data. They aim to safeguard the company's information assets from destruction, tampering, unauthorized access, and other security risks.
Digital Services Act (DSA)
Network and Information Security Directive 2.0 (NIS 2)
Datenschutz-Grundverordnung (DSGVO)
Artificial Intelligence (AI) Act
Federal Act on Data Protection (FADP)
General Data Protection Regulation (GDPR)
UK Data Protection Act 2018
California Consumer Protection Act (CCPA)
Standards
Information security and data protection standards are rules and guidelines that help protect information systems and data from cyber threats or threats to the fundamental rights of data subjects.
SOC 2
SOC for Service Organizations: Trust Services Criteria – Report on Controls at a Service Organization Relevant to Security, Availability, Processing Integrity, Confidentiality or Privacy
ISO 42001
Information technology — Artificial intelligence — Management system
ISO 27701
Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management — Requirements and guidelines
NIST Risk Management Framework
The Risk Management Framework (RMF) provides a process that integrates security, privacy, and cyber supply chain risk management activities into the system development life cycle.
NIST AI Risk Management Framework
The goal of the AI RMF is to offer a resource to the organizations designing, developing, deploying, or using AI systems to help manage the many risks of AI and promote trustworthy and responsible development and use of AI systems.
ISO 27001
Information security, cybersecurity and privacy protection — information security management systems — Requirements
ISO 31000
Risk Management - Guidelines
NIST CSF
The Framework has been used to reduce cybersecurity risks since its initial publication in 2014.