Essential Cybersecurity Controls ECC-2:2024 is a cybersecurity framework released by Saudi Arabia's National Cybersecurity Authority (NCA) to establish minimum security requirements for organizations in the Kingdom.
HECVAT is a standardized questionnaire used by colleges and universities to evaluate the security and privacy of third-party vendors and their solutions.
The Children's Online Privacy Protection Act (COPPA) is a U.S. law that gives parents control over personal information collected from children under 13. It requires child-directed websites and online services, or any service knowingly collecting data from children, to post a clear privacy policy, o...
Custom Frameworks offer organizations the flexibility to define their own set of cybersecurity or compliance controls and guidelines.
SOC 2 (System and Organization Controls 2) is a framework designed by the American Institute of Certified Public Accountants (AICPA) to manage and protect customer data based on five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. SOC 2 compliance...
ISO/IEC 27001:2022 is the international standard for information security management systems (ISMS). The numbers are often confused because they belong to the same series of standards. It is the latest version of the certifiable standard, superseding the 2013 version.
SOC 2 Type 1: Availability is a report that evaluates whether an organization's internal controls related to the availability of its systems are suitably designed and implemented at a specific point in time.
SOC 2 Common Criteria (Security) refers to the mandatory security category within the SOC 2 Trust Services Criteria (TSC) framework, which evaluates how an organization protects its systems and data from unauthorized access and disclosure.
ISO 31000:2018 is the international standard for risk management, providing principles, a framework, and a process to help organizations create and protect value by managing the effects of uncertainty on their objectives. It is a guideline applicable to any public, private, or community organization...