Help Center
Framework guides
Learn each security and privacy framework available in ComplAI — what it covers, who it applies to, and how to activate controls for audit readiness.
← Back to Help Center homeSecurity
10 guidesSOC 2
SOC 2 Type II
Service Organization Control 2 for security, availability, processing integrity, confidentiality, and privacy.
Read moreISO 27001
ISO/IEC 27001:2022
International standard for information security management systems (ISMS).
Read moreNIST CSF
NIST Cybersecurity Framework
Voluntary framework for managing and reducing cybersecurity risk.
Read moreISO 22301
ISO 22301:2019
International standard for business continuity management systems (BCMS) — resilience, BIA, recovery plans, and exercises.
Read moreISO 31000
ISO 31000:2018
International guidelines for risk management principles, framework, and process — integrate ERM across the organization.
Read moreCIS v8
CIS Controls v8
Prioritized set of safeguards to defend against common cyber attacks.
Read moreNIS2
NIS2 Directive
EU network and information security directive for essential and important entities.
Read moreEssential 8
Essential Eight
Australian Cyber Security Centre baseline mitigation strategies for organizations.
Read moreCSA STAR
CSA STAR
Cloud Security Alliance security, trust, assurance, and risk program.
Read moreChronicle
Google Security Operations (Chronicle)
Google SecOps / Chronicle SIEM controls — log ingestion, UDM normalization, YARA-L detection, entity graph investigation, SOAR response, and SOC metrics.
Read morePrivacy
6 guidesISO 27701
ISO/IEC 27701:2019
Privacy extension to ISO 27001 for PII management.
Read moreGDPR
GDPR
EU General Data Protection Regulation for personal data processing and rights.
Read moreCCPA/CPRA
CCPA / CPRA
California consumer privacy rights and business obligations.
Read moreLGPD
LGPD
Brazil Lei Geral de Proteção de Dados for personal data protection.
Read moreIndia DPDP
Digital Personal Data Protection Act, 2023
India's Digital Personal Data Protection Act for lawful processing of digital personal data, Data Principal rights, and Data Fiduciary obligations.
Read moreME Privacy
Middle East & GCC Personal Data Protection
Unified privacy controls for UAE Federal PDPL, KSA PDPL, Qatar, Bahrain, Oman, and Jordan — lawful processing, data subject rights, transfers, breach notification, and DPO obligations.
Read moreHealthcare
2 guidesFinancial
5 guidesPCI DSS
PCI DSS v4.0
Payment Card Industry Data Security Standard for cardholder data.
Read moreSOX ITGC
SOX IT General Controls
IT general controls supporting financial reporting integrity.
Read moreDORA
DORA
EU Digital Operational Resilience Act for financial entities ICT risk management.
Read moreSEBI CSCRF
SEBI Cybersecurity and Cyber Resilience Framework
SEBI framework for cyber resilience of regulated entities in Indian capital markets — governance, protection, detection, response, recovery, and third-party risk.
Read moreIRDAI
IRDAI Cybersecurity Framework
Insurance Regulatory and Development Authority of India cybersecurity framework for insurers — governance, protection, detection, response, and third-party risk.
Read moreGovernment
4 guidesNIST 800-53
NIST SP 800-53
Security and privacy controls for federal information systems.
Read moreFedRAMP
FedRAMP Moderate
Federal cloud security authorization baseline for moderate impact systems.
Read moreCMMC L2
CMMC Level 2
Cybersecurity Maturity Model Certification for defense contractors.
Read moreCERT-In
CERT-In Cyber Security Directions
Indian Computer Emergency Response Team directions — incident reporting, log retention, NTP sync, POC registration, and ICT security controls.
Read moreManufacturing
3 guidesUN R155
UN Regulation No. 155
UNECE uniform provisions for vehicle cyber security and Cyber Security Management System (CSMS) — type approval, threat assessment, and Annex 5 mitigations.
Read moreUN R156
UN Regulation No. 156
UNECE uniform provisions for vehicle software updates and Software Update Management System (SUMS) — RXSWIN, OTA safety, integrity, and traceability.
Read moreFDA
FDA — 21 CFR Part 11 & Device Cybersecurity
US FDA requirements for electronic records and signatures (21 CFR Part 11), medical device cybersecurity, and CGMP manufacturing controls.
Read moreAI & Emerging
1 guideReady to activate controls?
Open the Framework Library in ComplAI to activate frameworks and start evidence collection.
