Frameworks
COBIT 2019
[2019] ISACA COBIT 2019 framework for governance and management of enterprise information and technology. Provides 40 governance and management objectives or...
ITIL 4
[4] ITIL 4 framework for IT service management. Provides 34 management practices organized into General Management, Service Management, and Technical Mana...
Sarbanes-Oxley Act (SOX)
[2002] Sarbanes-Oxley Act of 2002 — US federal law requiring publicly traded companies to maintain internal controls over financial reporting (ICFR). Secti...
C-SOX (Canadian Securities NI 52-109)
[2023] Canadian equivalent of Sarbanes-Oxley, implemented through National Instrument 52-109 — Certification of Disclosure in Issuers Annual and Interim Fi...
Security Frameworks
General security frameworks and controls
CIS Controls v8
[8.1] Center for Internet Security Critical Security Controls Version 8.1. Community-developed set of 18 prioritized safeguards to mitigate the most prevale...
Canadian Program for Cyber Security Certification (CPCSC)
[1.0] The CPCSC is Canada's official cyber security certification program for defence and government suppliers, managed by Public Services and Procurement C...
NIST Cybersecurity Framework
[2.0] The NIST Cybersecurity Framework provides a policy framework of computer security guidance for how organizations can assess and improve their ability ...
NIST SP 800-171
[r3] Protecting Controlled Unclassified Information in Nonfederal Systems...
HITRUST CSF
[11] HITRUST Common Security Framework (CSF) v11 — a certifiable framework that provides organizations with a comprehensive, flexible, and efficient appr...
Canadian Centre for Cyber Security Guidance
[2024] Baseline Cyber Security Controls for Small and Medium Organizations from the Canadian Centre for Cyber Security....
Physical Security Assessment
[1.0] Comprehensive physical security audit checklist covering facility access, server room controls, environmental protections, credit card handling, wirel...
ISO/IEC 27001
[2022] ISO/IEC 27001 is an international standard for information security management systems (ISMS)....
EU NIS2 Directive
[2024] Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union. Effective October 2024, replaces NIS1. Applies to esse...
CMMC
[v2.0] Cybersecurity Maturity Model Certification - Required for DoD contractors handling CUI/FCI. Three levels from basic safeguarding (Level 1) to advanced...
UK Cyber Essentials
[2025] UK government-backed Cyber Essentials certification scheme (Willow update, effective April 2025). Covers five fundamental security controls required t...
EU Cyber Resilience Act (CRA)
[2024] Regulation (EU) 2024/2847 — Cyber Resilience Act, entered into force 10 December 2024. Establishes mandatory cybersecurity requirements for products...
SOC 2
[2024] SOC 2 Trust Services Criteria — Type I (point-in-time design assessment) and Type II (operating effectiveness over a period, typically 6-12 months)....
Canadian Cyber Essentials
[2024] Baseline cyber security for Canadian small and medium organizations...
Australian Essential Eight
[2024] Australian Signals Directorate (ASD) Essential Eight Maturity Model — eight prioritized mitigation strategies to protect internet-connected IT netwo...
Privacy Frameworks
Privacy and data protection regulations
CCPA / CPRA
[2023] California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA). Applies to for-profit businesses that collect Californi...
Alberta PIPA
[2022] Alberta Personal Information Protection Act (PIPA). Governs the collection, use, and disclosure of personal information by private sector organization...
HIPAA Security Rule
[2024] The HIPAA Security Rule establishes national standards to protect individuals' electronic personal health information....
BC E-Health Act
[2024] British Columbia E-Health (Personal Health Information Access and Protection of Privacy) Act. Governs electronic personal health information held by h...
BC PIPA
[2023] British Columbia Personal Information Protection Act (PIPA). Governs the collection, use, and disclosure of personal information by private sector org...
Alberta Health Information Act
[2024] Alberta Health Information Act (HIA) requirements for custodians of health information....
Quebec Law 25 (Private Sector Privacy)
[2024] Quebec Act respecting the protection of personal information in the private sector, as amended by Bill 64 (Law 25). Phased implementation 2022-2024. A...
BC FIPPA
[2023] British Columbia Freedom of Information and Protection of Privacy Act (FIPPA/FOIPPA). Applies to BC public bodies including provincial government mini...
EU GDPR
[2018] General Data Protection Regulation (EU) 2016/679 — the world's strongest data privacy law. Applies to any organization processing personal data of E...
UK GDPR / Data Protection Act 2018
[2021] UK General Data Protection Regulation (retained EU law post-Brexit) together with the Data Protection Act 2018. Substantively mirrors EU GDPR with UK-...
Australian Privacy Act 1988
[2024] Australian Privacy Act 1988 including the Australian Privacy Principles (APPs). Applies to Australian Government agencies and private sector organizat...
PIPEDA
[2024] Personal Information Protection and Electronic Documents Act — Canada's federal private-sector privacy law. Applies to organizations that collect, u...
Industry Frameworks
Industry-specific compliance requirements
PCI DSS SAQ A
[v4.0.1] For card-not-present merchants (e-commerce, mail/telephone order) that have fully outsourced all cardholder data functions to PCI DSS compliant third-...
PCI DSS SAQ B
[v4.0.1] For merchants using only imprint machines or standalone dial-out terminals (no electronic cardholder data storage). Connected via analogue phone line ...
PCI DSS SAQ A-EP
[v4.0.1] For e-commerce merchants with a website that redirects to a third-party payment processor. The merchant website does not receive cardholder data but d...
PCI DSS SAQ B-IP
[v4.0.1] For merchants using only standalone, PCI PTS-approved point-of-interaction (POI) terminals with an IP connection to the payment processor. No electron...
PCI DSS SAQ C
[v4.0.1] For merchants with payment application systems (e.g., POS systems) connected to the Internet. No electronic cardholder data storage. Covers all 12 PCI...
PCI DSS SAQ C-VT
[v4.0.1] For merchants manually entering a single transaction at a time via a web-based virtual terminal provided by a PCI DSS compliant third-party service pr...
PCI DSS SAQ D
[v4.0.1] Full PCI DSS assessment for merchants and service providers that do not meet the criteria for any other SAQ type. Covers all 12 requirement areas with...
FTC Safeguards Rule
[2023] FTC Standards for Safeguarding Customer Information (16 CFR 314), revised 2023. Applies to non-bank financial institutions including auto dealerships,...
GLBA — Gramm-Leach-Bliley Act
[2023] Gramm-Leach-Bliley Act (GLBA) financial privacy and safeguards requirements for US financial institutions. Includes the Financial Privacy Rule (custom...
FINTRAC / PCMLTFA
[2024] Financial Transactions and Reports Analysis Centre of Canada (FINTRAC) requirements under the Proceeds of Crime (Money Laundering) and Terrorist Finan...
EU DORA
[2025] Digital Operational Resilience Act — Regulation (EU) 2022/2554, effective 17 January 2025. Applies to 20 types of EU financial entities (banks, insu...
NERC CIP
[7] North American Electric Reliability Corporation Critical Infrastructure Protection standards for the bulk electric system....
IIROC Cybersecurity Best Practices
[2024] Investment Industry Regulatory Organization of Canada Cybersecurity Best Practices for member firms....
CPA Canada Cybersecurity Framework
[2024] CPA Canada guidance on cybersecurity risk management and reporting....
Regional Frameworks
Regional and jurisdictional requirements
Ontario Cyber Security Framework
[2024] Ontario government cybersecurity framework for public sector organizations....
NYDFS Cybersecurity Regulation
[2023] New York Department of Financial Services Cybersecurity Regulation (23 NYCRR 500), amended 2023. Applies to all DFS-regulated entities including banks...
BC Financial Services Authority Security Guidance
[2024] British Columbia Financial Services Authority cybersecurity and technology risk management guidance....
Onboarding Frameworks
Client onboarding checklists
MSP Onboarding Checklist
[1.0] Custom onboarding checklist for MSP clients including security tools, Microsoft 365, and billing setup....