DORA — Digital Operational Resilience Act
What is DORA? The Digital Operational Resilience Act (DORA) is an EU regulation that establishes a comprehensive framework for digital operational resilience in the financial sector. Formally known as Regulation (EU) 2022/2554, DORA entered into force in January 2023 and became fully applicable on January 17, 2025. It represents the most significant piece of EU […]
SOC 1 — Service Organisation Controls
What is SOC 1? SOC 1 (System and Organisation Controls 1) is an auditing standard developed by the AICPA that focuses on internal controls relevant to user entities’ financial reporting. It is designed for service organisations whose services could affect the financial statements of their customers — such as payroll processors, data centres hosting financial […]
SEBI Cyber Security and Cyber Resilience Framework (CSCRF)
What is SEBI CSCRF? The Securities and Exchange Board of India (SEBI) Cyber Security and Cyber Resilience Framework (CSCRF) is a mandatory cybersecurity framework for all SEBI-regulated entities — including stock exchanges, depositories, brokers, mutual funds, portfolio managers and market infrastructure institutions. First introduced in 2015 and significantly updated in 2024, CSCRF establishes comprehensive cybersecurity […]
SAMA Cyber Security Framework
What is SAMA CSF? The Saudi Arabian Monetary Authority (SAMA) Cyber Security Framework is a mandatory cybersecurity framework for all financial institutions regulated by SAMA — including banks, insurance companies, financing companies and payment service providers operating in Saudi Arabia. Published in May 2017, it was the first dedicated cybersecurity framework issued by a Gulf […]
NYDFS Cybersecurity Regulation (23 NYCRR 500)
What is NYDFS 23 NYCRR 500? The New York Department of Financial Services (NYDFS) Cybersecurity Regulation, formally known as 23 NYCRR Part 500, is a mandatory cybersecurity framework for financial services companies regulated by the NYDFS. Effective March 2017 and significantly amended in November 2023, it was the first state-level cybersecurity regulation in the US […]
COSO Internal Control Framework
What is COSO? The Committee of Sponsoring Organisations of the Treadway Commission (COSO) is a joint initiative of five major professional accounting and finance organisations — the American Accounting Association, AICPA, Financial Executives International, the Institute of Management Accountants, and the Institute of Internal Auditors. Established in 1985 to study fraudulent financial reporting, COSO has […]
SOX — Sarbanes-Oxley Act
What is SOX? The Sarbanes-Oxley Act (SOX) is a US federal law enacted in July 2002 in response to a series of major corporate accounting scandals — including Enron, WorldCom and Tyco International — that wiped out billions of dollars of investor wealth and shook public confidence in financial markets. SOX established sweeping new requirements […]
PCI DSS v4.0
What is PCI DSS? The Payment Card Industry Data Security Standard (PCI DSS) is a set of security requirements designed to ensure that all organisations that accept, process, store or transmit credit card information maintain a secure environment. It was created to protect cardholders from fraud and data breaches and applies to any organisation that […]
NIST Cybersecurity Framework 2.0
What is NIST? The National Institute of Standards and Technology (NIST) is a non-regulatory federal agency within the US Department of Commerce. Founded in 1901, NIST develops standards, guidelines and best practices that help organisations manage risk, improve security and drive innovation. In cybersecurity, NIST is the most trusted standards body in the United States […]