Risk Framework Guides

Learn about major compliance frameworks, their requirements, and how PartnerAlly helps you achieve and maintain compliance. We currently support 11 frameworks, with 25 more coming in 2026.

Security

SOC 2

System and Organization Controls 2

The gold standard for demonstrating security practices to enterprise customers and partners.

Security

ISO 27001

ISO/IEC 27001 Information Security Management

The international standard for information security management systems (ISMS).

2026 Privacy

GDPR

General Data Protection Regulation

The EU's comprehensive data protection law that sets the global standard for privacy rights.

Privacy

CCPA/CPRA

California Consumer Privacy Act / California Privacy Rights Act

California state law granting consumers control over their personal information.

2026 Healthcare

HIPAA

Health Insurance Portability and Accountability Act

Federal law protecting sensitive patient health information from disclosure.

Financial

PCI DSS

Payment Card Industry Data Security Standard

Security standard for organizations that handle branded credit cards.

Financial

BSA/AML

Bank Secrecy Act / Anti-Money Laundering

Federal laws requiring financial institutions to detect and prevent money laundering.

Security

NIST CSF

NIST Cybersecurity Framework

Voluntary framework providing standards and best practices for managing cybersecurity risk.

2026 Government

FedRAMP

Federal Risk and Authorization Management Program

Standardized approach to security assessment for cloud products used by federal agencies.

2026 Government

CMMC

Cybersecurity Maturity Model Certification

DoD framework ensuring defense contractors protect sensitive defense information.

2026 Financial

SOX

Sarbanes-Oxley Act

Federal law mandating financial reporting controls for public companies.

Financial

GLBA

Gramm-Leach-Bliley Act

Federal law requiring financial institutions to protect consumer financial information.

Crypto

FATF Travel Rule

FATF Recommendation 16 - Wire Transfer Rule

International standard requiring VASPs to share originator and beneficiary information for virtual asset transfers.

2026 Crypto

MiCA

Markets in Crypto-Assets Regulation

EU comprehensive regulatory framework for crypto-assets, stablecoins, and crypto-asset service providers.

2026 Healthcare

HITRUST CSF

HITRUST Common Security Framework

Comprehensive, certifiable security framework that harmonizes healthcare-specific and general security requirements.

2026 Financial

SOC 1

System and Organization Controls 1

Audit report focused on controls relevant to user entities' internal control over financial reporting.

2026 Security

CSA STAR

Cloud Security Alliance Security, Trust, Assurance, and Risk

Cloud-specific security certification program demonstrating security posture of cloud service providers.

2026 Education

FERPA

Family Educational Rights and Privacy Act

Federal law protecting the privacy of student education records.

2026 Education

COPPA

Children's Online Privacy Protection Act

Federal law imposing requirements on websites and online services directed to children under 13.

2026 Government

NIST 800-171

Protecting Controlled Unclassified Information in Nonfederal Systems

NIST guidelines for protecting Controlled Unclassified Information (CUI) in nonfederal systems.

2026 Government

NIST 800-53

Security and Privacy Controls for Information Systems and Organizations

Comprehensive catalog of security and privacy controls for federal information systems.

2026 Government

StateRAMP

State Risk and Authorization Management Program

Standardized cybersecurity framework for cloud service providers serving state and local governments.

2026 Industrial

IEC 62443

Industrial Automation and Control Systems Security

International standard series for security of industrial automation and control systems (IACS).

2026 Industrial

NERC CIP

North American Electric Reliability Corporation Critical Infrastructure Protection

Mandatory cybersecurity standards for the bulk electric system in North America.

2026 Industrial

TSA Pipeline Security

TSA Pipeline Security Directives

Mandatory cybersecurity requirements for critical pipeline operators in the United States.

2026 Financial

NAIC Model Laws

National Association of Insurance Commissioners Insurance Data Security Model Law

Model cybersecurity law for insurance industry adopted by US states.

2026 Privacy

ABA Cybersecurity

American Bar Association Cybersecurity Ethics Guidance

Ethics guidance for lawyers on technology competence and protecting client information.

2026 Privacy

State Privacy Laws

US State Consumer Privacy Laws

Comprehensive consumer privacy laws enacted by US states including Virginia, Colorado, Connecticut, and others.

2026 Telecom

FCC Regulations

Federal Communications Commission Telecommunications Regulations

Federal regulations governing telecommunications carriers, broadcasters, and communications services.

2026 Telecom

CPNI Rules

Customer Proprietary Network Information Protection Rules

FCC rules protecting sensitive customer data held by telecommunications carriers.

2026 Life Sciences

21 CFR Part 11

FDA Electronic Records and Electronic Signatures

FDA regulations establishing criteria for electronic records and signatures in pharmaceutical and medical device industries.

2026 Life Sciences

GxP

Good Practice Regulations (GMP, GLP, GCP)

FDA and international regulations ensuring quality and safety in pharmaceutical, medical device, and clinical research.

2026 AI Governance

EU AI Act

European Union Artificial Intelligence Act

The world's first comprehensive AI regulation establishing risk-based requirements for AI systems in the EU.

AI Governance

NIST AI RMF

NIST Artificial Intelligence Risk Management Framework

Voluntary framework for managing risks associated with AI systems throughout their lifecycle.

Financial

NYDFS 500

New York Department of Financial Services Cybersecurity Regulation

Cybersecurity requirements for financial services companies operating in New York State.

Crypto

C4 CCSS

CryptoCurrency Security Standard

Security standard for organizations storing, accepting, or transacting cryptocurrencies.


Ready to simplify your risk management journey?

PartnerAlly helps you manage risk across multiple frameworks from a single platform with AI-powered automation.