Global compliance for complex teams

CPRA / CCPA

US consumer privacy rights • Data minimization

E-commerce, Enterprise

Do-not-sell registries, preference centers, DSAR fulfillment

ISO 27001

Annex A controls

Enterprise, Government

Risk register sync, control health scoring

ISO 27701

Privacy Information Management System add-on

Enterprise, Government

PIA workflows, processor/sub-processor attestation tracking

ISO 22301

Business continuity • Disaster recovery readiness

Enterprise, Critical Infrastructure

BCP runbooks, scenario testing schedules, auditor exports

NIST CSF 2.0

Identify • Protect • Detect • Respond • Recover

Critical Infrastructure, Enterprise

Tier scoring matrices, gap analysis tasks, exec-ready heatmaps

SOX / ICFR

Financial reporting integrity • ITGC alignment

Financial Services, Enterprise

Control ownership, walkthrough documentation, quarterly certification tracking

OSFI B-13 Technology & Cyber Risk

Canadian banking guidance for resilience

Financial Services, Enterprise

Control-to-guideline mapping, vendor risk workflows, regulator-ready briefs

Australian Privacy Act (APP)

Australian Privacy Principles for regulated entities

Enterprise, Healthcare

Collection notices, consent tracking, OAIC-ready reporting bundles

IRAP PROTECTED

Australian federal cloud assessment (PROTECTED level)

Government, Enterprise

IRAP assessor packages, control inheritance mapping, continuous monitoring kits

COBIT 2019

IT governance • Enterprise alignment

Enterprise, Financial Services

Governance maturity assessments, capability mapping, performance dashboards

ITIL 4

IT service management best practices

Enterprise, SaaS

Service catalog mapping, incident workflows, change management tracking

CIS Controls v8

Prioritized cyber defense actions

Enterprise, Critical Infrastructure

Implementation group scoring, safeguard mapping, benchmark reports

PDPA Singapore

Singapore personal data protection obligations

SaaS, Enterprise

Consent models, breach logs, data residency attestations

EU AI Act

AI system risk classification • Transparency

SaaS, Enterprise

Risk tier classification, conformity assessments, model documentation

ISO 42001

AI management system • Responsible AI governance

Enterprise, SaaS

AI risk registers, impact assessments, lifecycle documentation

CPRA 2023

Enhanced California privacy rights • CPPA enforcement

E-commerce, SaaS, Enterprise

SPI limitation workflows, ADMT assessments, cybersecurity audits, dark pattern detection

SEC Cybersecurity

Public company cyber incident & governance disclosure

Financial Services, Enterprise

Materiality assessments, 8-K generation, board oversight documentation, XBRL tagging

Texas TDPSA

Texas data privacy • No revenue threshold

E-commerce, SaaS, Enterprise

Universal opt-out processing, DPA workflows, AG response templates

Quebec Law 25

Quebec modernized personal information protection

SaaS, Enterprise

Privacy governance frameworks, incident registers, cross-border transfer assessments

NIST AI RMF

AI risk management • Trustworthy AI lifecycle

SaaS, Enterprise

AI risk mapping, trustworthiness scoring, bias monitoring, model documentation

US State Privacy Laws

20-state consumer privacy compliance bundle

E-commerce, SaaS, Enterprise

Multi-state threshold tracking, cross-state control mapping, AG response readiness