Laws and Frameworks

Standards and Frameworks

  • AICPA - SOC for Cybersecurity risk management reporting framework

    Published on June 7, 2019 at 12:00 pm

    SOC for Cybersecurity is a reporting framework through which organizations can communicate relevant useful information about the effectiveness of their cybersecurity risk management program. This control… [Read More]

  • AICPA Trust Services Criteria (TSC) (SOC 2)

    Published on February 5, 2019 at 5:21 pm

    The AICPA Trust Services Criteria (TSC) for SOC 2 reporting is intended to provide detailed information and assurance about controls at a service organization relevant to… [Read More]

  • APEC Privacy Framework

    Published on April 26, 2019 at 2:53 pm

    [Read More]

  • Austria - Certifications and Codes of Conduct

    Published on December 18, 2018 at 2:01 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • Belgium - Certifications and Codes of Conduct

    Published on December 18, 2018 at 2:03 pm

    Certification schemes and Codes of conduct are established under the GDPR and Belgian domestic law as an accountability element to demonstrate the organizations’ compliance with privacy… [Read More]

  • Breach Notification Tracker

    Published on March 15, 2019 at 10:50 am

    This tracker is powered by the Databreachpedia™ Global Law Engine, an innovative solution that integrates breach notification laws directly into the OneTrust platform. Databreachpedia maps out… [Read More]

  • BS 10012 - Personal Information Management System

    Published on February 5, 2019 at 5:13 pm

    BS 10012 provides a framework for Personal Information Management System, helping organizations to maintain and improve compliance with data protection legislation, such as EU GDPR, and… [Read More]

  • Bulgaria - Certifications and Codes of Conduct

    Published on December 18, 2018 at 2:04 pm

    Certification schemes and Codes of conduct are established under the GDPR and Bulgarian domestic law as an accountability element to demonstrate the organizations’ compliance with privacy… [Read More]

  • Center for Internet Security - CIS Controls 7.1

    Published on June 7, 2019 at 10:36 am

    The Center for Internet Security Critical Security Controls are a set of guidelines and best practices helping organizations in blocking or mitigating cyber-attacks. [Read More]

  • COBIT 5

    Published on February 5, 2019 at 5:02 pm

    COBIT 5 is a best-practice framework from ISACA to assist in the process of understanding, designing and implementing enterprise governance of information and technology (EGIT). COBIT 5… [Read More]

  • Croatia - Certifications and Codes of Conduct

    Published on December 18, 2018 at 2:05 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • CSA Code of Conduct for GDPR Compliance (CSA GDPR CoC)

    Published on December 18, 2018 at 10:25 am

    The risk-based approach to data protection embedded in the GDPR has far-reaching consequences for Cloud data privacy. In 2018, the Cloud Security Alliance (CSA) issued the Code… [Read More]

  • CSA Consensus Assessments Initiative Questionnaire (CAIQ)

    Published on January 17, 2019 at 11:32 am

    The Consensus Assessments Initiative Questionnaire (CAIQ) is a questionnaire consisting of Yes/No questions. It is provided by the Cloud Security Alliance (CSA) to help cloud consumers and… [Read More]

  • CSA STAR

    Published on December 18, 2018 at 10:52 am

    STAR is a cloud security certification program powered by the Cloud Security Alliance (CSA). STAR consists of a three-tier assurance system: self-assessment; 3rd party certification; and,… [Read More]

  • Cyprus - Certifications and Codes of Conduct

    Published on December 18, 2018 at 2:06 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • Czech Republic (Czechia) - Certifications and Codes of Conduct

    Published on December 18, 2018 at 2:09 pm

    Certification schemes and Codes of conduct are established under the GDPR and are also reflected in the Czech Privacy Bill as an accountability element to demonstrate… [Read More]

  • Denmark - Certifications and Codes of Conduct

    Published on December 18, 2018 at 2:13 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • Estonia - Certifications and Codes of Conduct

    Published on December 18, 2018 at 2:14 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • EU - U.S. Privacy Shield

    Published on February 5, 2019 at 3:55 pm

    On 6 October 2015, the Court of Justice of the European Union (CJEU) issued a decision invalidating the adequacy status of the EU-US Safe Harbour. In… [Read More]

  • Finland - Certifications and Codes of Conduct

    Published on December 18, 2018 at 2:15 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • France - Certifications and Codes of Conduct

    Published on December 18, 2018 at 2:19 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • German Standard Data Protection Model (SDM)

    Published on November 19, 2018 at 8:59 am

    In Germany, the Standard Data Protection Model (the “SDM”) is used by data protection authorities (DPAs) to describe a model for organisations to systematically verify compliance… [Read More]

  • Germany - Certifications and Codes of Conduct

    Published on December 18, 2018 at 2:20 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • Greece - Certifications and Codes of Conduct

    Published on December 18, 2018 at 2:21 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • HITRUST Common Security Framework (CSF)

    Published on March 29, 2019 at 5:04 pm

    The HITRUST Common Security Framework (“HITRUST CSF”) is a certifiable framework developed by the Health Information Trust Alliance (“HITRUST”) in collaboration with privacy, information security and… [Read More]

  • Hungary - Certifications and Codes of Conduct

    Published on December 18, 2018 at 2:43 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • Ireland - Certifications and Codes of Conduct

    Published on December 19, 2018 at 4:41 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • ISO 27001 - Information Security Management System

    Published on October 5, 2018 at 5:56 am

    An international standard, developed by the International Organization for Standardization (ISO), that describes how to establish, maintain and continually improve an information security management system (ISMS). [Read More]

  • ISO 27005 - Information Security Risk Management

    Published on February 22, 2019 at 4:53 pm

    ISO 27005 is part of the ISO 27000 family of standards. The standard provides guidelines assisting the implementation of the risk management aspects of ISO 27001… [Read More]

  • ISO 27017 - Privacy Framework

    Published on June 7, 2019 at 1:49 pm

    The International Standard 27017 (ISO 27017) is a guideline for code of practice for information security controls based on ISO 27002 for cloud services. This standard… [Read More]

  • ISO 27552 - Privacy Information Management

    Published on March 22, 2019 at 3:58 pm

    ISO 27552 is a privacy extension to ISO 27001 and ISO 27002, providing additional guidance for the protection of privacy. It is currently under development, with… [Read More]

  • ISO 29100 - Privacy Framework

    Published on June 6, 2019 at 2:52 pm

    ISO 29100 provides a framework for organizations to supplement their existing security program to incorporate privacy principles and controls. [Read More]

  • ISO 29101 - Privacy Architecture Framework

    Published on June 7, 2019 at 1:40 pm

    ISO 29101 builds on the privacy framework provided by ISO 29100 to help an organization define its privacy safeguarding requirements as they relate to PII processed… [Read More]

  • ISO 29134 – Guidelines for Privacy Impact Assessment

    Published on February 8, 2019 at 9:51 am

    ISO 29134 provides guidelines for conducting privacy impact assessments (PIA) and structuring PIA reports. The development of the standard is led by ISO (the International Organization for Standardization)… [Read More]

  • ISO 29151 - Code of practice for personally identifiable information protection

    Published on June 7, 2019 at 10:23 am

    An international standard, developed by the International Organization for Standardization (ISO), that establishes control objectives, controls and guidelines for implementing controls, to meet the requirements identified… [Read More]

  • Italy - Certifications and Codes of Conduct

    Published on December 19, 2018 at 4:57 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • Latvia - Certifications and Codes of Conduct

    Published on December 19, 2018 at 9:08 am

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • Lithuania - Certifications and Codes of Conduct

    Published on December 19, 2018 at 4:57 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • Luxembourg - Certifications and Codes of Conduct

    Published on December 19, 2018 at 4:57 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • Malta - Certifications and Codes of Conduct

    Published on December 19, 2018 at 4:57 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • Netherlands - Certifications and Codes of Conduct

    Published on December 19, 2018 at 4:58 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • NIST Cybersecurity Framework v1.1 (CSF)

    Published on January 17, 2019 at 12:00 pm

    The NIST Cybersecurity Framework version 1.1 (NIST CSF v1.1) provides a voluntary, prioritized, flexible and cost-effective approach to protecting critical infrastructure and other sectors against cybersecurity… [Read More]

  • NIST Privacy Framework (DRAFT)

    Published on January 17, 2019 at 11:54 am

    The Framework will be a voluntary tool for organizations to better identify, assess, manage, and communicate about privacy risks. It will help to ensure that individuals… [Read More]

  • NIST SP 800-171 Rev. 1

    Published on June 7, 2019 at 1:42 pm

    NIST Special Publication 800-171 Rev. 1 Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations belongs to NIST SP 800 series and provides a set of… [Read More]

  • NIST SP 800-53

    Published on February 5, 2019 at 5:16 pm

    NIST Special Publication 800-53 Recommended Security Controls for Federal Information System belongs to NIST SP 800 series and provides a catalog of security controls for all U.S. federal… [Read More]

  • OECD Privacy Principles

    Published on May 15, 2019 at 1:21 pm

    The OECD Privacy Principles, the first internationally agreed upon set of privacy principles, have been foundational for many global privacy laws, such as the EU GDPR… [Read More]

  • OneTrust Privacy Governance Framework

    Published on February 5, 2019 at 4:58 pm

    The OneTrust Privacy Governance Framework provides companies with the building blocks of a comprehensive privacy program. Companies can use this framework as a blueprint to start… [Read More]

  • Payment Card Industry Data Security Standard (PCI DSS)

    Published on February 5, 2019 at 5:04 pm

    The Payment Card Industry Data Security Standard (PCI DSS) provides a set of security standards to ensure that companies processing credit card information have established proper… [Read More]

  • Poland - Certifications and Codes of Conduct

    Published on January 17, 2019 at 12:23 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • Portugal - Certifications and Codes of Conduct

    Published on December 20, 2018 at 4:19 am

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • Romania - Certifications and Codes of Conduct

    Published on January 17, 2019 at 12:24 pm

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • Shared Assessments SIG

    Published on February 5, 2019 at 5:07 pm

    The Standardized Information Gathering (SIG) is a questionnaire management tool helping organizations to build, analyze and store vendor questionnaires in third party risk assessments. SIG is developed… [Read More]

  • Slovakia - Certifications & Codes of Conduct

    Published on December 20, 2018 at 4:36 am

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • Slovenia - Certifications & Codes of Conduct

    Published on December 20, 2018 at 4:43 am

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • Spain - Certifications & Codes of Conduct

    Published on December 20, 2018 at 4:58 am

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • Sweden - Certifications and Codes of Conduct

    Published on December 20, 2018 at 5:16 am

    Certification schemes and Codes of conduct are established under the GDPR as an accountability element to demonstrate the organizations’ compliance with privacy laws and to facilitate… [Read More]

  • UK - Certifications and Codes of Conduct

    Published on December 18, 2018 at 2:48 pm

    Certification schemes and Codes of conduct are established under the GDPR and UK domestic law as an accountability element to demonstrate the organizations’ compliance with privacy… [Read More]

  • Vendor Security Alliance - VSA Questionnaire

    Published on June 7, 2019 at 10:47 am

    The Vendor Security Alliance is a coalition of companies committed to improving internet security. The VSA is a non-profit organization, where companies interested may apply for… [Read More]