SOC 1 — Service Organisation Controls
What is SOC 1?
SOC 1 (System and Organisation Controls 1) is an auditing standard developed by the AICPA that focuses on internal controls relevant to user entities’ financial reporting. It is designed for service organisations whose services could affect the financial statements of their customers — such as payroll processors, data centres hosting financial […]
COSO Internal Control Framework
What is COSO?
The Committee of Sponsoring Organisations of the Treadway Commission (COSO) is a joint initiative of five major professional accounting and finance organisations — the American Accounting Association, AICPA, Financial Executives International, the Institute of Management Accountants, and the Institute of Internal Auditors. Established in 1985 to study fraudulent financial reporting, COSO has […]
COBIT 2019
What is COBIT?
COBIT (Control Objectives for Information and Related Technologies) is a framework developed by ISACA for IT governance and management. First published in 1996, COBIT provides organisations with a comprehensive set of tools, models and best practices to bridge the gap between business requirements, technical issues and control risks. It is the leading […]
NIST SP 800-53
What is NIST SP 800-53?
NIST Special Publication 800-53 is a comprehensive catalogue of security and privacy controls for information systems and organisations. Published by the National Institute of Standards and Technology, it is the most detailed and authoritative security controls framework available — containing over 1,000 individual controls and control enhancements organised into 20 […]
SOC 2 Type II
What is SOC 2?
SOC 2 (System and Organisation Controls 2) is an auditing standard developed by the American Institute of Certified Public Accountants (AICPA) that evaluates how organisations manage customer data based on five Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality and Privacy. It has become the de facto standard for demonstrating security […]
HIPAA — Health Insurance Portability and Accountability Act
What is HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a US federal law enacted in 1996 that establishes national standards for protecting sensitive patient health information. Originally passed to improve the portability of health insurance coverage, HIPAA evolved into the primary legal framework governing the privacy and security of health data in […]
ISO 27001:2022
What is ISO?
The International Organization for Standardization (ISO) is an independent, non-governmental international body founded in 1947. With members from 167 countries, ISO develops and publishes international standards covering almost every industry — from technology and manufacturing to food safety and healthcare. In information security, ISO is the most globally recognised standards body outside […]
NIST Cybersecurity Framework 2.0
What is NIST?
The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the US Department of Commerce. Founded in 1901, NIST develops standards, guidelines and best practices that help organisations manage risk, improve security and drive innovation. In cybersecurity, NIST is the most trusted standards body in the United States […]