One platform. Endless possibilities.

Get compliant with multiple frameworks simultaneously. Reduce repetitive effort to map controls with Unified Controls Framework (UCF™)

Trusted by 1000+ customers

All frameworks available on SmartGRC™

Security

SOC 2

Focuses on ensuring service providers securely manage and protect user data to maintain trust and transparency.

PCI DSS V 4.0

Aims to secure credit card data by establishing stringent controls to prevent fraud and unauthorized transactions.

ISO 27001:2022

Sets requirements for establishing, implementing, maintaining, and continually improving an information security management system.

DORA

Digital Operational Resilience Act enhances the resilience of EU financial entities against ICT-related incidents.

ISO 27001:2013

Provides a systematic approach to managing sensitive company information, ensuring its confidentiality, integrity, and availability.

NIS 2 Directive

EU directive enhancing the security of network and information systems across member states.

NIST CSF v1.1

Provides guidelines for managing and reducing cybersecurity risks through a structured framework.

NIST CSF 2.0

Updated framework providing guidelines for managing and reducing cybersecurity risks with enhanced features.

CSA STAR

Cloud Security Alliance’s cloud assurance program that offers various certifications to validate the security practices of cloud service providers.

ISO 9001:2015

Sets standards for a quality management system to ensure consistent quality of products and services.

ISO 2000-1:2018

Sets standards for an organization to establish, implement, maintain and continually improve a service management system (SMS).

NYDFS 23 NYCRR 500

Requires financial institutions to implement robust cybersecurity programs to protect customer information.

MAS TRM 2021

Monetary Authority of Singapore’s Technology Risk Management guidelines for financial institutions operating in Singapore

ISR V2

Outlines the security requirements for protecting sensitive information in specific sectors, mandated by the Dubai government.

NYDFS NCRR 500

Mandates financial institutions to implement comprehensive cybersecurity programs to safeguard customer data and IT infrastructure.

RBI CSF

Mandates security measures for banks to protect against cyber threats and ensure IT system resilience.

RBI PA/PG

Sets security requirements and operational standards for entities facilitating online payments.

ISO 27017:2015

Provides guidelines for information security controls applicable to the provision and use of cloud services.

SAMA Minimum Verification Controls

Baseline cybersecurity controls required for financial institutions in Saudi Arabia

TISAX V5.1

Trusted Information Security Assessment Exchange standard for information security in the automotive industry.

Privacy

GDPR

European Union’s regulation aimed at protecting the data privacy and rights of EU citizens, impacting how organizations worldwide handle personal data.

ISO 27701

Specifies requirements for a privacy information management system to manage personal data, for data controllers and data processors

HIPAA

Mandates the protection of patient health information by healthcare providers and their partners to maintain confidentiality and integrity.

CCPA

California’s consumer privacy law that grants California residents specific rights concerning their personal information and imposes obligations on businesses handling such data.

PIPEDA

Personal Information Protection and Electronic Documents Act regulates how personal information is regulated and used in Canada.

PDPA Singapore

Personal Data Protection Act governs the collection, use, and disclosure of personal data in Singapore.

NIST 800-171A

Provides comprehensive guidelines and best practices for federal agencies to protect their information systems and data.

NIST 800-171 Revision 2

Specifies security requirements to protect controlled unclassified information in non-federal systems and organizations.

NIST 800-53 Revision 5

Provides a catalog of security and privacy controls for federal information systems and organizations.

RBI DPSC

Focuses on safeguarding financial data and ensuring compliance with privacy standards for banks.

DPDPA

Data Protection and Privacy Act mandates the protection and proper handling of personal data in India.

Other

Custom Frameworks

Use Scrut SmartGRC™ to create custom frameworks to meet your unique compliance requirements.

NIST AI RMF

Offers a structured framework for managing risks associated with the deployment of AI systems within federal agencies.

ISO 42001:2023

Specifies requirements for an organization to plan, establish, implement, and maintain responsible AI systems.

CIS

Provides a set of best practices to enhance the security of IT systems and protect your organization and data from cyber-attacks

ISO 22301:2019 BCMS

Specifies requirements for a business continuity management system to prepare for, respond to, and recover from disruptive incidents.

ISO 13485:2016

Specifies requirements for a quality management system for medical devices and related services, to demonstrate compliance with MedTech regulations

Essential Cybersecurity Controls

Basic measures to protect IT systems and data against common cyber threats.

CMMC 2.0 Level 1

Includes basic cybersecurity practices required for federal contractors handling controlled unclassified information.

CMMC 2.0 Level 2

Establishes a standardized cybersecurity framework for defense contractors, ensuring the protection of sensitive defense information.

Saudi Arabia PDPL

Personal Data Protection Law governs the processing of personal data in Saudi Arabia.

SAMA Cyber Resilience Fundamentals

Saudi Arabian Monetary Authority guidelines for enhancing the cyber resilience of financial institutions.

ISO 27018:2019

Guidelines for protecting personal data in cloud computing environments, based on best practices of information security management