Compare Compliance Standards
23 NYCRR 500 (Mandatory)
Cybersecurity Requirements for Financial Services Companies
New York State regulation mandating a robust cybersecurity program, CISO designation, and 72-hour incident reporting for licensed financial entities. Significantly amended in 2023.
Industries: Banking, Insurance, Financial Services
AEO (Voluntary)
Authorized Economic Operator
European Union voluntary standard for the Supply Chain/Trade sector covering Customs Security. Official: Authorized Economic Operator.
Industries: Supply Chain/Trade
APPI (Mandatory)
Act on Protection of Personal Information
Japan mandatory regulation across industries covering Data Privacy. Official: Act on Protection of Personal Information.
Industries: Cross-industry
APRA CPS 234 (Mandatory)
CPS 234 Information Security
Australia mandatory regulation for the Financial Services sector covering Information Security. Official: CPS 234 Information Security.
Industries: Financial Services
AS9100 (Mandatory)
Aerospace Standard 9100
Global mandatory regulation for the Aerospace sector covering Quality Management. Official: AS9100D.
Industries: Aerospace
AS9110C (Mandatory)
Aerospace Quality Management Systems
Global mandatory regulation for the Aerospace MRO sector covering Quality Management. Official: AS9110C.
Industries: Aerospace MRO
AS9120B (Mandatory)
Aerospace Quality Management Systems
Global mandatory regulation for the Aerospace Distribution sector covering Quality Management. Official: AS9120B.
Industries: Aerospace Distribution
Australian Privacy Act (Mandatory)
Australian Privacy Act
Australia mandatory regulation across industries covering Data Privacy. Official: Australian Privacy Act.
Industries: Cross-industry
Basel III (Mandatory)
Basel III Framework
Global mandatory regulation for the Banking sector covering Financial Risk Management. Official: Basel III Framework.
Industries: Banking
BRC (Voluntary)
Food Safety Global Standard
Global voluntary standard for the Food & Beverage sector covering Food Safety. Official: BRC Global Standard Issue 9.
Industries: Food & Beverage
BREEAM (Voluntary)
Building Research Establishment Environmental Assessment Method
Global voluntary standard for the Construction/Real Estate sector covering Building Sustainability. Official: Building Research Establishment Environmental Assessment Method.
Industries: Construction/Real Estate
C-TPAT (Voluntary)
Customs-Trade Partnership Against Terrorism
United States voluntary standard for the Supply Chain/Trade sector covering Supply Chain Security. Official: Customs-Trade Partnership Against Terrorism.
Industries: Supply Chain/Trade
CAA (Mandatory)
Clean Air Act
United States mandatory regulation for the Manufacturing/Energy sector covering Air Quality. Official: Clean Air Act.
Industries: Manufacturing/Energy
CCPA (Mandatory)
California Consumer Privacy Act
California, USA mandatory regulation across industries covering Data Privacy. Official: California Consumer Privacy Act.
Industries: Cross-industry
CE Marking (Mandatory)
CE Conformity Marking
European Economic Area mandatory regulation for the Manufacturing sector covering Product Safety. Official: CE Conformity Marking.
Industries: Manufacturing
CIS Controls (Voluntary)
CIS Critical Security Controls v8
Global voluntary standard across industries covering Cybersecurity. Official: CIS Critical Security Controls v8.
Industries: Cross-industry
CMMC (Mandatory)
Cybersecurity Maturity Model Certification
United States mandatory regulation for the Defense/Contractors sector covering Cybersecurity Maturity. Official: CMMC 2.0.
Industries: Defense/Contractors
CMMI (Voluntary)
Capability Maturity Model Integration
Global voluntary standard for the Software/IT sector covering Process Maturity. Official: CMMI v3.0.
Industries: Software/IT
COBIT (Voluntary)
Control Objectives for Information and Related Technologies
Global voluntary standard for the IT Governance sector covering IT Governance. Official: COBIT 2019.
Industries: IT Governance
COPPA (Mandatory)
Children's Online Privacy Protection Act
United States mandatory regulation for the Technology/Online Services sector covering Children Privacy. Official: Children's Online Privacy Protection Act.
Industries: Technology/Online Services
CSA (Voluntary)
Product Safety Standard
North America voluntary standard for the Manufacturing sector covering Product Safety. Official: CSA Standards.
Industries: Manufacturing
CSL (Mandatory)
Cybersecurity Law of China
China mandatory regulation across industries covering Cybersecurity. Official: Cybersecurity Law of China.
Industries: Cross-industry
DORA (Mandatory)
Digital Operational Resilience Act
European Union mandatory regulation for the Financial Services sector covering Digital Operational Resilience. Official: Digital Operational Resilience Act.
Industries: Financial Services
EMAS (Voluntary)
Eco-Management and Audit Scheme
European Union voluntary standard across industries covering Environmental Management. Official: Eco-Management and Audit Scheme.
Industries: Cross-industry
EN 1090 (Mandatory)
EN 1090-1:2009
European Union mandatory regulation for the Construction/Steel sector covering Structural Metalwork. Official: EN 1090-1:2009.
Industries: Construction/Steel
ENERGY STAR (Voluntary)
Energy Efficiency
United States voluntary standard across industries covering Energy Efficiency. Official: ENERGY STAR Program.
Industries: Cross-industry
EPA (Mandatory)
EPA Environmental Regulations
United States mandatory regulation across industries covering Environmental Protection. Official: EPA Environmental Regulations.
Industries: Cross-industry
EU AI Act (Mandatory)
Artificial Intelligence Act
European Union mandatory regulation across industries covering Artificial Intelligence. Official: Regulation (EU) 2024/1689.
Industries: Cross-industry
FDA 21 CFR Part 11 (Mandatory)
21 CFR Part 11
United States mandatory regulation for the Pharmaceutical sector covering Electronic Records. Official: 21 CFR Part 11.
Industries: Pharmaceutical
FedRAMP (Mandatory)
Federal Risk and Authorization Management Program
United States mandatory regulation for the Cloud Services sector covering Cloud Security. Official: Federal Risk and Authorization Management Program.
Industries: Cloud Services
FERPA (Mandatory)
Family Educational Rights and Privacy Act
United States mandatory regulation for the Education sector covering Student Privacy. Official: Family Educational Rights and Privacy Act.
Industries: Education
FISMA (Mandatory)
Federal Information Security Modernization Act
United States mandatory regulation for the Government sector covering Cybersecurity. Official: Federal Information Security Modernization Act.
Industries: Government
FSSC 22000 (Voluntary)
Food Safety System Certification
Global voluntary standard for the Food & Beverage sector covering Food Safety. Official: FSSC 22000 v6.
Industries: Food & Beverage
GDPR (Mandatory)
General Data Protection Regulation
European Union + EEA mandatory regulation across industries covering Data Privacy. Official: EU Regulation 2016/679.
Industries: Cross-industry
GDPR UK (Mandatory)
GDPR UK
UK mandatory regulation across industries covering Data Privacy. Official: GDPR UK.
Industries: Cross-industry
GLBA (Mandatory)
Gramm-Leach-Bliley Act
United States mandatory regulation for the Financial Services sector covering Financial Privacy. Official: Gramm-Leach-Bliley Act.
Industries: Financial Services
GMP (Mandatory)
Good Manufacturing Practice
Global mandatory regulation for the Pharmaceutical sector covering Manufacturing Quality. Official: Good Manufacturing Practice.
Industries: Pharmaceutical
GRI (Voluntary)
Global Reporting Initiative
Global voluntary standard across industries covering Sustainability Reporting. Official: GRI Universal Standards 2021.
Industries: Cross-industry
HIPAA (Mandatory)
Health Insurance Portability and Accountability Act
United States mandatory regulation for the Healthcare sector covering Healthcare Data Privacy. Official: Health Insurance Portability and Accountability Act.
Industries: Healthcare
HITRUST CSF (Voluntary)
Health Information Trust Alliance Common Security Framework
United States voluntary standard for the Healthcare sector covering Information Security. Official: HITRUST CSF v11.
Industries: Healthcare
IATF 16949 (Mandatory)
IATF 16949:2016
Global mandatory regulation for the Automotive sector covering Quality Management. Official: IATF 16949:2016.
Industries: Automotive
IEC 62443 (Voluntary)
Industrial Cybersecurity Standard
Global voluntary standard for the Industrial/Manufacturing sector covering Industrial Cybersecurity. Official: IEC 62443 Series.
Industries: Industrial/Manufacturing
IFS Food (Voluntary)
International Featured Standards
Europe voluntary standard for the Food & Beverage sector covering Food Safety. Official: IFS Food Version 8.
Industries: Food & Beverage
ISA 95 (Voluntary)
Enterprise-Control Integration
Global voluntary standard for the Manufacturing sector covering Enterprise-Control Integration. Official: ANSI/ISA-95.
Industries: Manufacturing
ISO 13485 (Mandatory)
Quality Management System (QMS) for Medical Devices
Global mandatory regulation for the Medical Devices sector covering Quality Management. Official: ISO 13485:2016.
Industries: Medical Devices
ISO 14001 (Voluntary)
Environmental Management
Global voluntary standard across industries covering Environmental Management. Official: ISO 14001:2015.
Industries: Cross-industry
ISO 14064 (Voluntary)
Greenhouse Gas Accounting Standard
Global voluntary standard across industries covering Greenhouse Gas Accounting. Official: ISO 14064:2018.
Industries: Cross-industry
ISO 17025 (Voluntary)
Laboratory Quality
Global voluntary standard for the Testing/Laboratory sector covering Laboratory Quality. Official: ISO/IEC 17025:2017.
Industries: Testing/Laboratory
ISO 19600 (Voluntary)
Compliance Management Standard
Global voluntary standard across industries covering Compliance Management. Official: ISO 19600:2014 (now ISO 37301).
Industries: Cross-industry
ISO 20000 (Voluntary)
IT Service Management Standard
Global voluntary standard for the IT Services sector covering IT Service Management. Official: ISO/IEC 20000-1:2018.
Industries: IT Services
ISO 21001 (Voluntary)
Educational Management Standard
Global voluntary standard for the Education sector covering Educational Management. Official: ISO 21001:2018.
Industries: Education
ISO 22000 (Voluntary)
Food Safety Standard
Global voluntary standard for the Food & Beverage sector covering Food Safety. Official: ISO 22000:2018.
Industries: Food & Beverage
ISO 22301 (Voluntary)
Business Continuity Standard
Global voluntary standard across industries covering Business Continuity. Official: ISO 22301:2019.
Industries: Cross-industry
ISO 26000 (Voluntary)
Social Responsibility Standard
Global voluntary standard across industries covering Social Responsibility. Official: ISO 26000:2010.
Industries: Cross-industry
ISO 27001 (Voluntary)
Information Security Management Standard
Global voluntary standard across industries covering Cybersecurity. Official: ISO/IEC 27001:2022.
Industries: Cross-industry
ISO 27017 (Voluntary)
Cloud Security Standard
Global voluntary standard for the Cloud Services sector covering Cloud Security. Official: ISO/IEC 27017:2015.
Industries: Cloud Services
ISO 27018 (Voluntary)
Cloud Privacy Standard
Global voluntary standard for the Cloud Services sector covering Cloud Privacy. Official: ISO/IEC 27018:2019.
Industries: Cloud Services
ISO 27032 (Voluntary)
Cybersecurity Standard
Global voluntary standard across industries covering Cybersecurity. Official: ISO/IEC 27032:2012.
Industries: Cross-industry
ISO 27701 (Voluntary)
Privacy Management Standard
Global voluntary standard across industries covering Privacy Management. Official: ISO/IEC 27701:2019.
Industries: Cross-industry
ISO 28000 (Voluntary)
Supply Chain Security Standard
Global voluntary standard for the Supply Chain/Logistics sector covering Supply Chain Security. Official: ISO 28000:2022.
Industries: Supply Chain/Logistics
ISO 30301 (Voluntary)
Records Management Standard
Global voluntary standard across industries covering Records Management. Official: ISO 30301:2019.
Industries: Cross-industry
ISO 31000 (Voluntary)
Risk Management Standard
Global voluntary standard across industries covering Risk Management. Official: ISO 31000:2018.
Industries: Cross-industry
ISO 37001 (Voluntary)
Anti-Bribery/Compliance Standard
Global voluntary standard across industries covering Anti-Bribery/Compliance. Official: ISO 37001:2025.
Industries: Cross-industry
ISO 37301 (Voluntary)
Compliance Management Standard
Global voluntary standard across industries covering Compliance Management. Official: ISO 37301:2021.
Industries: Cross-industry
ISO 41001 (Voluntary)
Facility Management Standard
Global voluntary standard for the Facility Management sector covering Facility Management. Official: ISO 41001:2018.
Industries: Facility Management
ISO 45001 (Voluntary)
Occupational Health & Safety
Global voluntary standard across industries covering Occupational Health & Safety. Official: ISO 45001:2018.
Industries: Cross-industry
ISO 50001 (Voluntary)
Energy Management Standard
Global voluntary standard across industries covering Energy Management. Official: ISO 50001:2018.
Industries: Cross-industry
ISO 55001 (Voluntary)
Asset Management Standard
Global voluntary standard for the Asset-intensive Industries sector covering Asset Management. Official: ISO 55001:2014.
Industries: Asset-intensive Industries
ISO 56002 (Voluntary)
Innovation Management Standard
Global voluntary standard across industries covering Innovation Management. Official: ISO 56002:2019.
Industries: Cross-industry
ISO 9001 (Voluntary)
Quality Management Systems (QMS)
Global voluntary standard across industries covering Quality Management. Official: ISO 9001:2015.
Industries: Cross-industry
ISO/IEC 42001 (Voluntary)
AI Management Standard
Global voluntary standard for the Technology/AI sector covering AI Management. Official: ISO/IEC 42001:2023.
Industries: Technology/AI
ITIL (Voluntary)
Information Technology Infrastructure Library
Global voluntary standard for the IT Services sector covering IT Service Management. Official: ITIL 4.
Industries: IT Services
J-SOX (Mandatory)
Financial Instruments and Exchange Law
Japan mandatory regulation for the Financial Services sector covering Financial Reporting. Official: Financial Instruments and Exchange Law.
Industries: Financial Services
K-PIPA (Mandatory)
Personal Information Protection Act
South Korea mandatory regulation across industries covering Data Privacy. Official: Personal Information Protection Act.
Industries: Cross-industry
LEED (Voluntary)
Leadership in Energy and Environmental Design
Global voluntary standard for the Construction/Real Estate sector covering Green Building. Official: Leadership in Energy and Environmental Design.
Industries: Construction/Real Estate
LGPD (Mandatory)
Lei Geral de Proteção de Dados
Brazil mandatory regulation across industries covering Data Privacy. Official: Lei Geral de Proteção de Dados.
Industries: Cross-industry
MAS TRM (Mandatory)
MAS Technology Risk Management Guidelines
Singapore mandatory regulation for the Financial Services sector covering Technology Risk Management. Official: MAS Technology Risk Management Guidelines.
Industries: Financial Services
MLPS 2.0 (Mandatory)
Multi-Level Protection Scheme 2.0
China mandatory regulation across industries covering Cybersecurity. Official: Multi-Level Protection Scheme 2.0.
Industries: Cross-industry
NERC CIP (Mandatory)
NERC CIP-002 to CIP-014
North America mandatory regulation for the Energy/Utilities sector covering Critical Infrastructure Protection. Official: NERC CIP-002 to CIP-014.
Industries: Energy/Utilities
NIS2 (Mandatory)
Network and Information Security Directive
European Union mandatory regulation for the Critical Infrastructure sector covering Cybersecurity. Official: NIS2 Directive (EU 2022/2555).
Industries: Critical Infrastructure
NIST 800-171 (Mandatory)
NIST SP 800-171 Rev. 2
United States mandatory regulation for the Defense/Contractors sector covering Controlled Unclassified Information. Official: NIST SP 800-171 Rev. 2.
Industries: Defense/Contractors
NIST 800-53 (Mandatory)
NIST SP 800-53 Rev. 5
United States mandatory regulation for the Government/Federal sector covering Security Controls. Official: NIST SP 800-53 Rev. 5.
Industries: Government/Federal
NIST CSF (Voluntary)
NIST Cybersecurity Framework 2.0
Global voluntary standard across industries covering Cybersecurity. Official: NIST Cybersecurity Framework 2.0.
Industries: Cross-industry
OSHA (Mandatory)
Occupational Safety and Health Administration Standards (29 CFR)
United States mandatory regulation across industries covering Occupational Safety. Official: OSHA Standards (29 CFR).
Industries: Cross-industry
PCI DSS (Mandatory)
Payment Card Industry Data Security Standard
Global mandatory regulation for the Financial Services / Payment sector covering Payment Security. Official: PCI DSS v4.0.
Industries: Financial Services / Payment
PDPA (Mandatory)
Personal Data Protection Act
Singapore mandatory regulation across industries covering Data Privacy. Official: Personal Data Protection Act.
Industries: Cross-industry
PIPEDA (Mandatory)
Personal Information Protection and Electronic Documents Act
Canada mandatory regulation across industries covering Data Privacy. Official: Personal Information Protection and Electronic Documents Act.
Industries: Cross-industry
PIPL (Mandatory)
Personal Information Protection Law
China mandatory regulation across industries covering Data Privacy. Official: Personal Information Protection Law.
Industries: Cross-industry
PMBOK (Voluntary)
Project Management Body of Knowledge
Global voluntary standard for the Project Management sector covering Project Management. Official: PMBOK Guide 7th Edition.
Industries: Project Management
POPIA (Mandatory)
Protection of Personal Information Act
South Africa mandatory regulation across industries covering Data Privacy. Official: Protection of Personal Information Act.
Industries: Cross-industry
PRINCE2 (Voluntary)
Projects IN Controlled Environments
Global voluntary standard for the Project Management sector covering Project Management. Official: PRINCE2 7th Edition.
Industries: Project Management
REACH (Mandatory)
Registration, Evaluation, Authorisation and Restriction of Chemicals
European Union mandatory regulation for the Chemical/Manufacturing sector covering Chemical Safety. Official: EC Regulation 1907/2006.
Industries: Chemical/Manufacturing
RoHS (Mandatory)
Restriction of Hazardous Substances
European Union mandatory regulation for the Electronics/Manufacturing sector covering Hazardous Substances. Official: RoHS Directive 2011/65/EU.
Industries: Electronics/Manufacturing
SAFe (Voluntary)
Scaled Agile Framework 6.0
Global voluntary standard for the Software Development sector covering Agile Scaling. Official: Scaled Agile Framework 6.0.
Industries: Software Development
SAMA CSF (Mandatory)
SAMA Cybersecurity Framework
Saudi Arabia mandatory regulation for the Financial Services sector covering Cybersecurity. Official: SAMA Cybersecurity Framework.
Industries: Financial Services
Six Sigma (Voluntary)
Process Improvement
Global voluntary standard across industries covering Process Improvement. Official: Six Sigma (Lean Six Sigma).
Industries: Cross-industry
SOC 2 (Voluntary)
System and Organization Controls 2
Global voluntary standard for the Technology / SaaS sector covering Cybersecurity / Trust. Official: SOC 2 Type I/II.
Industries: Technology / SaaS
SOX (Mandatory)
Sarbanes-Oxley Act of 2002
Global mandatory regulation for the Financial Services sector covering Financial Reporting. Official: Sarbanes-Oxley Act of 2002.
Industries: Financial Services
SQF (Voluntary)
Safe Quality Food
Global voluntary standard for the Food & Beverage sector covering Food Safety. Official: SQF Code Edition 9.
Industries: Food & Beverage
TISAX (Mandatory)
Trusted Information Security Assessment Exchange
Global mandatory regulation for the Automotive sector covering Cybersecurity. Official: TISAX (VDA ISA 6.0).
Industries: Automotive
TOGAF (Voluntary)
The Open Group Architecture Framework
Global voluntary standard for the Enterprise Architecture sector covering Enterprise Architecture. Official: TOGAF 10.
Industries: Enterprise Architecture
U.S. SEC Cybersecurity Rules (Mandatory)
Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure
Federal regulation requiring public companies to disclose material cybersecurity incidents on Form 8-K within four business days and describe cybersecurity strategy in annual Form 10-K. Official: Release Nos. 33-11216; 34-97989.
Industries: Public Companies
UAE PDPL (Mandatory)
UAE Personal Data Protection Law
United Arab Emirates mandatory regulation across industries covering Data Privacy. Official: UAE Personal Data Protection Law.
Industries: Cross-industry
UL Certification (Voluntary)
UL Standards
Global voluntary standard for the Manufacturing/Electronics sector covering Product Safety. Official: UL Standards.
Industries: Manufacturing/Electronics
WCAG (Voluntary)
Web Content Accessibility Guidelines
Global voluntary standard for the Digital/Web sector covering Web Accessibility. Official: WCAG 2.2.
Industries: Digital/Web
WEEE (Mandatory)
Waste Electrical and Electronic Equipment
European Union mandatory regulation for the Electronics sector covering Waste Management. Official: WEEE Directive 2012/19/EU.
Industries: Electronics
WELL (Voluntary)
Building Health & Wellness
Global voluntary standard for the Construction/Real Estate sector covering Building Health & Wellness. Official: WELL Building Standard v2.
Industries: Construction/Real Estate