NIS2 Directive — Network and Information Security

What is NIS2? The NIS2 Directive (Directive (EU) 2022/2555 on measures for a high common level of cybersecurity across the Union) is the European Union’s primary cybersecurity legislation, replacing the original NIS Directive from 2016. Adopted in December 2022 and required to be transposed into national law by EU member states by October 17, 2024, […]

DORA — Digital Operational Resilience Act

What is DORA? The Digital Operational Resilience Act (DORA) is an EU regulation that establishes a comprehensive framework for digital operational resilience in the financial sector. Formally known as Regulation (EU) 2022/2554, DORA entered into force in January 2023 and became fully applicable on January 17, 2025. It represents the most significant piece of EU […]

UAE Information Assurance Regulation

What is UAE IA? The UAE Information Assurance (IA) Regulation is the national information security framework for the United Arab Emirates, issued by the Telecommunications and Digital Government Regulatory Authority (TDRA). It establishes mandatory information security requirements for all UAE federal government entities and provides a framework that private sector organisations and critical infrastructure operators […]

SOC 1 — Service Organisation Controls

What is SOC 1? SOC 1 (System and Organisation Controls 1) is a report on internal control over financial reporting, defined by the AICPA and examined under its attestation standards (SSAE 18). It is designed for service organisations whose services could affect the financial statements of their customers (the user entities) — such as payroll processors, data centres hosting financial […]

SEBI Cyber Security and Cyber Resilience Framework (CSCRF)

What is SEBI CSCRF? The Securities and Exchange Board of India (SEBI) Cyber Security and Cyber Resilience Framework (CSCRF) is a mandatory cybersecurity framework for all SEBI-regulated entities — including stock exchanges, depositories, brokers, mutual funds, portfolio managers and market infrastructure institutions. First introduced in 2015 and significantly updated in 2024, CSCRF establishes comprehensive cybersecurity […]

SAMA Cyber Security Framework

What is SAMA CSF? The Saudi Arabian Monetary Authority (SAMA) Cyber Security Framework is a mandatory cybersecurity framework for all financial institutions regulated by SAMA — including banks, insurance companies, financing companies and payment service providers operating in Saudi Arabia. Published in May 2017, it was the first dedicated cybersecurity framework issued by a Gulf […]

Qatar National Information Assurance (NIA) Policy

What is Qatar NIA? The Qatar National Information Assurance (NIA) Policy is a comprehensive information security framework established by the Ministry of Transport and Communications (MOTC) in Qatar. It provides a structured approach to protecting information assets across government entities and critical national infrastructure in Qatar, and serves as the national standard for information security […]

NYDFS Cybersecurity Regulation (23 NYCRR 500)

What is NYDFS 23 NYCRR 500? The New York Department of Financial Services (NYDFS) Cybersecurity Regulation, formally known as 23 NYCRR Part 500, is a mandatory cybersecurity framework for financial services companies regulated by the NYDFS. Effective March 2017 and significantly amended in November 2023, it was the first state-level cybersecurity regulation in the US […]

ISO 27799 — Health Informatics Security

What is ISO 27799? ISO 27799:2016 is an international standard that provides guidance on implementing ISO 27002 controls specifically within the health informatics sector. It addresses the particular information security requirements of health organisations — including the protection of personal health information (PHI) in electronic form. While HIPAA addresses US-specific legal requirements for health data, […]

ISO 27002:2022

What is ISO 27002? ISO/IEC 27002:2022 is the companion standard to ISO 27001 — while ISO 27001 defines the requirements for an Information Security Management System (ISMS), ISO 27002 provides detailed guidance on the implementation of the Annex A controls. Think of ISO 27001 as the what and ISO 27002 as the how. ISO 27002 […]