Frameworks

COSO Framework

COSO’s Enterprise Risk Management framework provides a structured approach to managing risks by integrating them into governance, strategy, and performance.

DORA

DORA (Digital Operational Resilience Act) is a regulation introduced by the European Union to strengthen the resilience of financial institutions against information and communication technology (ICT) risks. It aims to ensure that organizations can effectively manage digital risks, protect critical...

SPRS VQ

Supplier Performance Risk System (SPRS)

SPRS is a procurement risk analysis tool for the areas of Price, Item, and Supplier risk. The Price Risk tool compares industry prices to the average price paid by the government. The Item Risk tool flags items identified as high risk (based on critical...

GLBA

The Gramm-Leach-Bliley Act (GLBA) mandates financial institutions to protect customers' nonpublic personal information (NPI). It requires implementing robust security measures, providing clear privacy notices, offering opt-out options, and ensuring third-party compliance. GLBA focuses on safeguardin...

Vendor Certification Validation_VQ

This questionnaire collects and validates information about third-party vendors, suppliers, and partners to ensure compliance with organizational standards validated by a third-party assessor.

FERPA

FERPA is a U.S. federal law that safeguards the privacy of student education records, granting parents and eligible students rights to access, amend, and control the disclosure of personally identifiable information from these records.

ISO 27003

ISO 27003 provides guidance on implementing an Information Security Management System (ISMS) based on ISO 27001, including planning, establishing, maintaining, and improving the ISMS framework to ensure effective information security management within an organisation.

NIST CSF v2.0

The NIST Cybersecurity Framework (CSF) v2.0 provides voluntary guidelines to help organisations manage and reduce cybersecurity risks, emphasising flexibility, scalability, and alignment with industry standards to enhance cyber resilience across sectors.

ZERO TRUST

A security model that assumes no implicit trust, requiring verification of every user, device, and application attempting to access network resources. It emphasises continuous monitoring, least privilege access, and strict identity verification to protect against internal and external threats.