Framework Guides
The compliance frameworks your buyers ask about, in plain English.
Every clause, control, rule, and right named and explained — not marketing summaries, not regulator text. Pick a framework to see what it actually requires.
ISO 27001
ISO/IEC 27001:2022
The international standard for an Information Security Management System (ISMS) — internationally recognised, audited annually, certificate valid three years.
SOC 2
SOC 2 (AICPA Trust Services Criteria)
An AICPA report issued by an independent CPA firm on how your controls meet the Trust Services Criteria. The North American baseline for B2B SaaS procurement.
HIPAA
Health Insurance Portability and Accountability Act (45 CFR Parts 160, 162, 164)
US federal law governing protected health information. Audited by HHS Office for Civil Rights with civil penalties up to roughly $2M per violation category per year.
GDPR
General Data Protection Regulation (EU) 2016/679
EU law on personal data. Applies to anyone processing the personal data of people in the EU/EEA, wherever they are. Fines up to €20M or 4% of global annual turnover.
PCI DSS
Payment Card Industry Data Security Standard v4.0.1
The card brands' contractual standard for everyone who stores, processes, or transmits cardholder data. Twelve requirements, an annual assessment, and a breach response that gets expensive fast.
MAS TRM
Monetary Authority of Singapore — Technology Risk Management Guidelines
Singapore's technology-risk expectations for every MAS-regulated financial institution. Guidance with regulator teeth — non-compliance can mean restrictions, supervisory action, and removal from FI approved-vendor lists.
Not sure which framework you need?
Compare frameworks side by side, see which controls overlap, and find the right combination for your buyers and regulators.