Regulatory compliance

Regulations & frameworks

Pre-configured templates for the main regulatory frameworks. Connect, map controls and evidence without starting from scratch.

ISO Standard Most popular

ISO 27001

Information Security Management System

The international standard for Information Security Management Systems. It defines requirements to establish, implement, maintain and continuously improve an ISMS.

ISO Standard

ISO 31000

Enterprise Risk Management

The international framework for risk management in any type of organization. Principles, framework and process to identify, analyze and treat risks at enterprise level.

ISO Standard

ISO 9001

Quality Management System

The world's most widely adopted quality management standard. It defines requirements for a system that ensures customer satisfaction and continuous improvement.

EU Regulation Mandatory

DORA

Digital Operational Resilience Act

EU regulation on digital operational resilience for the financial sector. Mandatory for banks, insurers, asset managers and critical ICT providers operating in the EU.

EU Regulation Mandatory

NIS2

Network and Information Security Directive 2

The revised European cybersecurity directive for essential and important entities. It significantly expands the scope of the original NIS directive, with new obligations and stricter penalties.

EU Regulation

GDPR

General Data Protection Regulation

The world's most influential data protection regulation. It establishes individual rights and obligations for any organization that processes personal data of EU residents.

Sector Framework

SOC 2

Service Organization Controls 2

The AICPA audit framework for technology service providers. Evaluates controls across Security, Availability, Processing Integrity, Confidentiality and Privacy.

EU Regulation New

CSRD

Corporate Sustainability Reporting Directive

The European directive on corporate sustainability reporting. It requires large companies to publish detailed information on their environmental, social and governance (ESG) impact.

EU Regulation New

EU AI Act

Artificial Intelligence Regulation

The world's first comprehensive AI regulatory framework. It classifies AI systems by risk level and imposes proportional obligations on developers and deployers across the EU.

National Framework

ENS

National Security Framework (Spain)

The mandatory cybersecurity framework for Spanish public administrations and their technology providers. Establishes security principles, requirements and measures proportional to risk level.

Don't see your regulation?

ermine supports more than 20 frameworks and we add new ones continuously. Tell us what you need.
