AssuranceLab now works with 30+ international frameworks, regulations and standards that we can accredit through assurance reports, certifications and audits. These can be self-assessed - singularly or in combination - using our always-free GRC platform, Pillar. Simply sign up, create your organisation, go into the Assessments view, select the standards you want to comply with and follow the assessment questions to see the live identification of your compliance activities and any gaps.
Below is a short explainer of the frameworks and standards we support as an audit firm. As a CA and CPA firm, Certified CSA STAR Auditor, and a certification body for the ISO family of standards, we can offer various accreditations to support your compliance outcomes.
Australian Privacy Act
The Australian Privacy Act governs the handling of personal information in Australia and establishes the Australian Privacy Principles (APPs) that organizations must adhere to when collecting, using, and disclosing personal data.
CBA Tier 1 Vendor Framework
The CBA (Commonwealth Bank of Australia) Tier 1 Vendor Framework outlines the requirements and standards that tier 1 vendors must meet to ensure data security and privacy when providing services to the Commonwealth Bank.
California Consumer Privacy Act
The California Consumer Privacy Act (CCPA) is a privacy law in California, USA, that grants California residents rights and control over their personal information held by businesses and mandates obligations for businesses that process such data.
Consumer Data Right
The Consumer Data Right (CDR) is a legislative, regulatory, and standards framework in Australia that allows consumers to access and share their data securely with trusted third parties for better control and use of their information.
CIS CSC
The CIS Critical Security Controls (CIS Controls) are a prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your cybersecurity posture.
COBIT 5
COBIT 5 is the overarching business and management framework for the governance and management of enterprise IT. The framework documents the five principles of COBIT 5 and defines the seven supporting enablers that underpin it.
CPS 234
CPS 234 is an Australian Prudential Regulation Authority (APRA) standard designed to enhance cybersecurity resilience in the financial industry. It mandates that APRA-regulated entities implement measures to protect against and respond to cyber incidents effectively.
CSA STAR
The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) program provides a framework for assessing cloud service providers' security postures. It allows providers to self-assess and publish their security controls to build trust with customers.
ESG
ESG refers to the Environmental, Social, and Governance criteria used to evaluate a company's impact on society and the environment. Investors consider ESG factors to assess a company's sustainability and ethical practices.
Essential 8
Essential 8 is a set of cybersecurity controls developed by the Australian Cyber Security Centre (ACSC). It provides prioritized strategies to mitigate the most significant cyber threats, helping organizations strengthen their security posture.
General Data Protection Regulation (GDPR)
GDPR is a comprehensive European Union regulation that governs the protection and privacy of personal data of EU citizens. It outlines strict rules for organizations handling such data and imposes hefty fines for non-compliance.
Global Reporting Initiative
The Global Reporting Initiative (GRI) provides a framework for organizations to report on their sustainability and environmental, social, and governance (ESG) performance. It helps promote transparency and accountability in corporate reporting.
GS 007 - A. Custody
Section A. Custody is a guideline under the Australian Accounting Standards issued by the AUASB (Auditing and Assurance Standards Board). It provides recommendations and best practices for auditors and assurance practitioners when dealing with custody arrangements in financial institutions and other entities.
GS 007 - B. Investment
Section B. Investment Management is a guideline under the Australian Accounting Standards issued by the AUASB. It focuses on the management and oversight of investment activities for financial institutions, promoting risk management and compliance.
GS 007 - E. Administration
Section E. Administration is a guideline under the Australian Accounting Standards issued by the AUASB. It provides recommendations and considerations for auditors and assurance practitioners regarding administration and management practices in financial institutions and other entities.
GS 007 - F. Registry
Section F. Registry is a guideline under the Australian Accounting Standards issued by the AUASB. It focuses on the audit and assurance considerations related to registry activities and the maintenance of accurate customer and transactional records in financial institutions and other entities.
HIPAA
The Health Insurance Portability and Accountability Act (HIPAA) is a US law that regulates the security and privacy of protected health information (PHI) in the healthcare industry.
ISO 27001 ISMS
ISO/IEC 27001 is an international standard for Information Security Management Systems (ISMS), providing a systematic approach for managing sensitive company information to keep it secure.
ISO 27001:2013
ISO/IEC 27001:2013 is the previous version of the international standard for ISMS. It outlines the requirements for establishing, implementing, maintaining, and continually improving an ISMS.
ISO 27001:2022
ISO/IEC 27001:2022 is the latest version of the international standard for ISMS, providing updated guidelines for effective information security management.
ISO 27017
ISO/IEC 27017 is a code of practice for cloud service providers, offering guidelines for implementing information security controls tailored to cloud computing environments.
ISO 27701
ISO/IEC 27701 is a privacy extension to ISO 27001, providing guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS).
ISO 42001 AIMS
ISO/IEC 42001 is an international management system standard for the safe and reliable development and implementation of AI, and it enables certification of Artificial Intelligence Management Systems (AIMS). It specifies requirements for establishing, implementing, maintaining, and continually improving an AIMS within organisations.
Modern Slavery
Modern Slavery refers to various forms of exploitation, including forced labor and human trafficking. Efforts to combat modern slavery aim to protect vulnerable individuals from being exploited and promote fair and ethical labor practices.
MVSP
Minimum Viable Security Practices are foundational security measures that organizations should implement to establish a baseline level of security.
NIST CSF
The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides a set of guidelines and best practices to help organizations manage and reduce cybersecurity risks effectively.
New Zealand Privacy Act
The New Zealand Privacy Act dictates the requirements for handling consumer data in New Zealand to protect the privacy rights of individuals.
PCI-DSS 4.0
The Payment Card Industry Data Security Standard (PCI-DSS) version 4.0 is a set of security standards that organizations must follow when processing, transmitting, or storing payment card data to ensure the protection of cardholders' information.
SOC 1 / SOX ITGC
SOC 1 (Service Organization Control 1) reports focus on controls relevant to financial reporting, including SOX (Sarbanes-Oxley) IT General Controls (ITGC) that are essential for financial compliance.
SOC 2
SOC 2 reports assess the effectiveness of a service provider's controls related to security, availability, processing integrity, confidentiality, and privacy.
- SOC 2 Availability: SOC 2 Availability focuses on the evaluation of a service provider's systems to ensure they are available and accessible as agreed upon with customers.
- SOC 2 Confidentiality: SOC 2 Confidentiality assesses how well a service provider safeguards confidential information and sensitive data.
- SOC 2 Privacy: SOC 2 Privacy evaluates the protection, collection, use, retention, and disposal of personal information in accordance with the organization's privacy policies.
- SOC 2 Processing Integrity: SOC 2 Processing Integrity assesses whether the service provider's processing activities are accurate, complete, and timely.
UN SDGs
The United Nations Sustainable Development Goals (SDGs) are a set of 17 global goals aiming to address various social, economic, and environmental challenges to achieve a more sustainable future for all.