NIS2 Directive — Network and Information Security
What is NIS2? The NIS2 Directive (Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union) is the European Union’s primary cybersecurity legislation, replacing the original NIS Directive from 2016. Adopted in December 2022 and required to be transposed into national law by EU member states by October 17, 2024, […]
DORA — Digital Operational Resilience Act
What is DORA? The Digital Operational Resilience Act (DORA) is an EU regulation that establishes a comprehensive framework for digital operational resilience in the financial sector. Formally known as Regulation (EU) 2022/2554, DORA entered into force in January 2023 and became fully applicable on January 17, 2025. It represents the most significant piece of EU […]
ITIL 4 — IT Service Management
What is ITIL? ITIL (Information Technology Infrastructure Library) is the world’s most widely adopted IT service management (ITSM) framework. Originally developed by the UK government in the 1980s, ITIL provides a practical, flexible framework for aligning IT services with the needs of the business. It has been adopted by organisations in over 180 countries and […]
UAE Information Assurance Regulation
What is UAE IA? The UAE Information Assurance (IA) Regulation is the national information security framework for the United Arab Emirates, issued by the Telecommunications and Digital Government Regulatory Authority (TDRA). It establishes mandatory information security requirements for all UAE federal government entities and provides a framework that private sector organisations and critical infrastructure operators […]
SOC 1 — Service Organisation Controls
What is SOC 1? SOC 1 (System and Organisation Controls 1) is an auditing standard developed by the AICPA that focuses on internal controls relevant to user entities’ financial reporting. It is designed for service organisations whose services could affect the financial statements of their customers — such as payroll processors, data centres hosting financial […]
SAMA Cyber Security Framework
What is SAMA CSF? The Saudi Arabian Monetary Authority (SAMA) Cyber Security Framework is a mandatory cybersecurity framework for all financial institutions regulated by SAMA — including banks, insurance companies, financing companies and payment service providers operating in Saudi Arabia. Published in May 2017, it was the first dedicated cybersecurity framework issued by a Gulf […]
Qatar National Information Assurance (NIA) Policy
What is Qatar NIA? The Qatar National Information Assurance (NIA) Policy is a comprehensive information security framework established by the Ministry of Transport and Communications (MOTC) in Qatar. It provides a structured approach to protecting information assets across government entities and critical national infrastructure in Qatar, and serves as the national standard for information security […]
NYDFS Cybersecurity Regulation (23 NYCRR 500)
What is NYDFS 23 NYCRR 500? The New York Department of Financial Services (NYDFS) Cybersecurity Regulation, formally known as 23 NYCRR Part 500, is a mandatory cybersecurity framework for financial services companies regulated by the NYDFS. Effective March 2017 and significantly amended in November 2023, it was the first state-level cybersecurity regulation in the US […]
ISO 42001
What is ISO 42001? ISO/IEC 42001:2023 is the world’s first international standard for Artificial Intelligence Management Systems (AIMS). Published in December 2023, it provides a framework for organisations to responsibly develop, deploy and use AI systems. Similar in structure to ISO 27001 (information security) and ISO 9001 (quality management), ISO 42001 enables organisations to demonstrate […]
ISO 27799 — Health Informatics Security
What is ISO 27799? ISO 27799:2016 is an international standard that provides guidance on implementing ISO 27002 controls specifically within the health informatics sector. It addresses the particular information security requirements of health organisations — including the protection of personal health information (PHI) in electronic form. While HIPAA addresses US-specific legal requirements for health data, […]