
All compliance frameworks you can think of, and then some.

The Scrut Platform puts every framework you need, from global regulations to local mandates at your fingertips.

Every compliance standard you need—security, privacy, and beyond.

Frameworks Library
Get complete visibility and manage across 50+ out-of-the-box frameworks and standards in one place.
Unified Control Framework
Eliminate duplicate work with predefined controls that align with multiple frameworks.
Custom frameworks, tailored compliance
Build custom frameworks with unique controls, and tackle your organization’s unique risks and industry requirements.
Automated compliance tasks
Integrate directly with your tech stack and collect evidence automatically. Reuse collected evidence across multiple frameworks.
Continuous Compliance Monitoring
Detect compliance gaps in real-time. Conduct continuous, automated tests across your tech stack.
Expert-Guided Compliance
Scrut’s compliance experts support you from framework selection to audit readiness, so you can meet every requirement without unnecessary complexity.

All the frameworks you need, ready to roll.

Security Frameworks
SOC 2
Focuses on ensuring service providers securely manage and protect user data to maintain trust and transparency.
PCI DSS V 4.0
Aims to secure credit card data by establishing stringent controls to prevent fraud and unauthorized transactions.
ISO 27001:2022
Sets requirements for establishing, implementing, maintaining, and continually improving an information security management system.
DORA
Digital Operational Resilience Act enhances the resilience of EU financial entities against ICT-related incidents.
ISO 27001:2013
Provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability.
NIS 2 Directive
EU directive enhancing the security of network and information systems across member states.
NIST CSF v1.1
Provides guidelines for managing and reducing cybersecurity risks through a structured framework.
NIST CSF 2.0
Updated framework providing guidelines for managing and reducing cybersecurity risks with enhanced features.
CSA STAR
Cloud Security Alliance’s cloud assurance program offers various certifications to validate the security practices of cloud service providers.
ISO 9001:2015
Sets standards for a quality management system to ensure consistent quality of products and services.
ISO 20000-1:2018
Sets standards for an organization to establish, implement, maintain, and continually improve a service management system (SMS).
NYDFS 23 NYCRR 500
Requires financial institutions to implement robust cybersecurity programs to protect customer information.
MAS TRM 2021
Monetary Authority of Singapore’s Technology Risk Management guidelines for financial institutions operating in Singapore.
ISR V2
Outlines the security requirements for protecting sensitive information in specific sectors, mandated by the Dubai government.
NYDFS NCRR 500
Mandates financial institutions to implement comprehensive cybersecurity programs to safeguard customer data and IT infrastructure.
RBI CSF
Mandates security measures for banks to protect against cyber threats and ensure IT system resilience.
RBI PA/PG
Sets security requirements and operational standards for entities facilitating online payments.
ISO 27017:2015
Provides guidelines for information security controls applicable to the provision and use of cloud services.
SAMA Minimum Verification Controls
Baseline cybersecurity controls required for financial institutions in Saudi Arabia.
TISAX V5.1
Trusted Information Security Assessment Exchange standard for information security in the automotive industry.
DTAC
Evaluates digital health technologies for safety, security, and quality against criteria covering clinical safety, data protection, and usability.
EASA
Establishes rules for the validation and verification of safety-related software and firmware in aviation.
ESSENTIAL EIGHT LEVEL 1
Provides a baseline level of protection against cyber threats. It outlines eight essential mitigation strategies.
ESSENTIAL EIGHT LEVEL 2
Provides a more advanced level of protection against cyber threats. It builds upon the strategies outlined in Level 1.
Cyber Essentials v3.2
Provides a clear baseline of key security controls that significantly reduce the risk of common threats like phishing, malware, and unauthorized access.
Australia ISM
Provides security guidelines for government agencies and organizations handling sensitive information in Australia.
SEBI CSCRF
Establishes cybersecurity and resilience requirements for market infrastructure institutions in India.
SAMA CSF
Establishes cybersecurity requirements for financial institutions in Saudi Arabia, aligning with global standards to strengthen security and ensure regulatory compliance.
Privacy Frameworks
GDPR
European Union’s regulation aimed at protecting the data privacy and rights of EU citizens, impacting how organizations handle personal data.
ISO 27701
Specifies requirements for a privacy information management system to manage personal data, for data controllers and processors.
HIPAA
Mandates the protection of Patient Health Information (PHI) by healthcare providers and their partners to maintain confidentiality and integrity.
CCPA
California’s consumer privacy law that grants residents specific rights regarding their personal information and imposes business obligations.
PIPEDA
Regulates how personal information is managed for individuals in Canada.
PDPA Singapore
Governs the collection, use, and disclosure of individuals' personal data in Singapore.
NIST 800-171A
Provides guidelines and best practices for federal agencies to protect their information systems and data.
NIST 800-171 Revision 2
Specifies security requirements to protect controlled unclassified information in non-federal systems.
NIST 800-53 Revision 5
Provides a catalog of security and privacy controls for federal information systems and organizations.
RBI DPSC
Focuses on safeguarding financial data and ensuring compliance with privacy standards for banks.
DPDPA
Mandates the protection and proper handling of personal data in India.
COPPA
Ensures the privacy of children under 13 online. It requires parental consent and strict data protection measures for collecting children’s personal information.
FERPA
Protects the privacy of student education records in the U.S.
PHIPA
Governs the collection, use, and disclosure of personal health information in Ontario for healthcare providers, insurers, and digital health platforms.
Botswana Data Protection Act
Governs the processing of personal data in Botswana. Applies to local and international organizations handling personal data of Botswana residents.
GLBA
Governs the collection, use, and disclosure of consumers’ non-public personal information (NPI) in the financial services sector in the U.S.
New Jersey Data Privacy Law
Establishes consumer rights over the collection and sale of personal data for businesses handling personal data in New Jersey.
Seychelles Data Protection Act
Ensures the protection of personal data in Seychelles by setting guidelines for organizational compliance with regional privacy regulations and safeguarding individual rights.
LAW 25
Provides a structured approach for organizations to comply with Quebec’s updated privacy regulations by addressing risk, enhancing data protection, and supporting regulatory alignment.
US Data Privacy
Ensures organizational compliance with evolving US state-level privacy laws by addressing requirements across multiple jurisdictions for the protection of Personally Identifiable Information (PII).
Others
NIST AI RMF
Offers a structured framework for managing risks associated with the deployment of AI systems within federal agencies.
ISO 42001:2023
Specifies requirements for an organization to plan, establish, implement, and maintain responsible AI systems.
CIS
Provides a set of best practices to enhance the security of IT systems and protect organizations from cyber-attacks.
ISO 22301:2019 BCMS
Specifies requirements for a business continuity management system to prepare for, respond to, and recover from disruptive incidents.
ISO 13485:2016
Specifies requirements for a quality management system for medical devices and related services, ensuring compliance with MedTech regulations.
Essential Cybersecurity Controls
Basic measures to protect IT systems and data against common cyber threats.
CMMC 2.0 Level 1
Includes basic cybersecurity practices required for federal contractors handling controlled unclassified information.
CMMC 2.0 Level 2
Establishes a standardized cybersecurity framework for defense contractors, ensuring the protection of sensitive defense information.
Saudi Arabia PDPL
Governs the processing of personal data of individuals in Saudi Arabia.
SAMA Cyber Resilience Fundamentals
Guidelines for enhancing the cyber resilience of financial institutions in Saudi Arabia.
ISO 27018:2019
Focuses on protecting personal data in the cloud and providing guidelines to cloud service providers acting as processors of personal data.
COBIT 2019
Helps organizations reconcile control requirements, technical issues, and business risks, providing common ground for IT management and governance.
Custom Frameworks
Use Scrut’s prebuilt control library, premapped to popular frameworks, to create custom frameworks that meet your unique requirements.

Unsure which framework applies to you?

Use our Compliance Compass to get a detailed report on the compliance frameworks that align with your business priorities.

Growth stories powered by Scrut.

If compliance is just about checklists for you, you’re missing the bigger picture. It’s about security, efficiency, and trust—and Scrut helps us achieve all three. Scrut has become a crucial part of our security stack.

Loris Gutic
Global CISO, Bright Security

Working with Scrut to get ISO 27001 and SOC 2 compliant was such a relief. Their platform helped us spot gaps in our security posture, and strengthen our security operations.

Ed St. Louis
VP of Engineering and CISO, Xima

With Scrut, we’ve been able to show the right policies, procedures, and evidence—opening doors to more deals.

Joe Forrester
SVP Engineering & Product, Choozle

Thanks to Scrut, we’re saving nearly 100 hours every month across our GRC and solutions teams.

Anshul Chauhan
Director - Governance, Risk, & Compliance, Toddle
One platform, every framework. No more duplicate work.

Scrut unifies compliance across all your frameworks, so you can stop juggling systems and start scaling securely.

Book a Demo