AI EXPERT KNOWLEDGE
Our AI model's expert knowledge is built on the following set of industry and market standards and regulations:
ISO/IEC 27001: Information Security Management System (ISMS)
ISO/IEC 27001 provides a framework for establishing, implementing, maintaining, and continually improving an information security management system within an organization. It outlines requirements for assessing risks and implementing appropriate security controls.
NIST Cybersecurity Framework (CSF)
Developed by the National Institute of Standards and Technology (NIST), the Cybersecurity Framework offers guidelines and best practices for organizations to manage and reduce cybersecurity risks. It consists of a set of standards, guidelines, and best practices for improving cybersecurity posture.
GDPR (General Data Protection Regulation)
GDPR is a regulation in EU law concerning data protection and privacy for individuals within the European Union and the European Economic Area. It addresses the export of personal data outside the EU and EEA areas, aiming to give control to individuals over their personal data and simplify the regulatory environment for international business.
Business Continuity Management System (BCMS) - ISO 22301
ISO 22301 provides a framework for establishing, implementing, maintaining, and continually improving a business continuity management system within an organization. It helps organizations identify potential threats and implement resilience measures to ensure business continuity in case of disruptive incidents.
Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. Compliance with PCI DSS is mandatory for organizations handling payment card data.
ISO/IEC 27002: Code of practice for information security controls
ISO/IEC 27002 provides guidelines and best practices for implementing information security controls. It offers a comprehensive set of controls, categorized under various domains, to address different aspects of information security management.
COBIT (Control Objectives for Information and Related Technologies)
COBIT is a framework developed by ISACA for the governance and management of enterprise IT. It provides a set of principles, practices, analytical tools, and models to help organizations ensure effective IT governance and management.
ITIL (Information Technology Infrastructure Library)
ITIL is a set of practices for IT service management (ITSM) that focuses on aligning IT services with the needs of the business. It provides a framework for organizations to deliver high-quality IT services and improve overall service delivery.
CIS Controls (Center for Internet Security Controls)
CIS Controls are a set of prioritized cybersecurity best practices developed by the Center for Internet Security. They provide specific actions that organizations can take to enhance their cybersecurity posture and defend against common cyber threats.
HIPAA (Health Insurance Portability and Accountability Act)
HIPAA is US legislation that sets standards for the protection of sensitive patient health information. It includes provisions for safeguarding medical records and other personal health information, ensuring their confidentiality, integrity, and availability.
RISK MANAGEMENT
ISO 31000: Risk Management
ISO 31000 provides principles, a framework, and a process for managing risk effectively within organizations. It emphasizes the importance of understanding, assessing, and treating risks to improve decision-making and achieve objectives.
COSO ERM (Enterprise Risk Management)
The COSO ERM framework offers a comprehensive approach to identifying, assessing, responding to, and monitoring risks across an organization. It aims to enhance organizational performance and create sustainable value by integrating risk management into strategic planning and day-to-day operations.
NIST SP 800-37: Risk Management Framework (RMF) for Information Systems and Organizations
NIST SP 800-37 provides guidelines for implementing risk management processes for information systems and organizations. It outlines steps for categorizing systems, selecting security controls, implementing controls, assessing effectiveness, and authorizing systems to operate.
ANSI/ASSP Z690: Risk Management - Principles and Guidelines
ANSI/ASSP Z690 standardizes principles and guidelines for risk management across various industries and organizations. It offers a systematic approach to identifying, assessing, and managing risks to enhance decision-making and achieve objectives.
ISO/IEC 31010: Risk Management - Risk Assessment Techniques
ISO/IEC 31010 provides guidance on selecting and applying risk assessment techniques. It offers a toolbox of methods for identifying, analyzing, and evaluating risks to support decision-making and risk treatment.
PMI PMBOK Guide: Project Risk Management
The Project Management Institute's (PMI) PMBOK Guide includes a section on project risk management, which covers processes for identifying, analyzing, and responding to risks throughout the project lifecycle. It aims to increase the likelihood of project success by effectively managing uncertainties.
FAIR (Factor Analysis of Information Risk)
FAIR is a framework for analyzing and quantifying information risk in financial terms. It provides a structured approach to understanding, measuring, and communicating risk to facilitate more informed decision-making.