Fact-based overviews of the regulations, standards, and certifications shaping cybersecurity. Every data point sourced from official authorities.
8 frameworks covered | 4 jurisdictions | 100% officially sourced
General Data Protection Regulation
EU data protection regulation with extraterritorial scope. Applies to any organisation processing EU residents' personal data.
Digital Operational Resilience Act
ICT risk management framework for financial entities. Covers incident reporting, resilience testing, and third-party risk.
Network and Information Security Directive
Cybersecurity obligations for essential and important entities across 18 sectors. Introduces management liability.
Health Insurance Portability and Accountability Act
Federal statute protecting health information. Privacy Rule, Security Rule, and Breach Notification Rule.
Payment Card Industry Data Security Standard
Payment card data security across 12 requirements and 6 goals. Version 4.0.1 is the current standard.
Information Security Management System
International standard for information security management. 93 Annex A controls organised in 4 themes.
System and Organization Controls 2
AICPA Trust Services Criteria for service organisations. Type I and Type II reports covering security, availability, and more.
Cybersecurity Maturity Model Certification
Cybersecurity maturity for defence contractors. Three levels based on NIST SP 800-171 requirements.
Regulations, standards, and certifications serve different purposes. Understanding the distinction is key to building an effective compliance programme.
Regulations
Legally binding requirements issued by governments. Regulations apply directly; directives must be transposed into national law. Non-compliance carries fines and legal consequences.
Standards
Voluntary frameworks published by recognised bodies defining best practices. Adoption is market-driven — often required by customers, partners, or insurers rather than law.
Certifications
Third-party validated compliance assessments. An independent auditor verifies that controls meet defined criteria, providing assurance to customers and stakeholders.
Read our in-depth article on the differences between regulations, directives, certifications, and standards — with official sources for every claim.
Whether you're mapping your obligations or preparing for audit, our team helps you turn framework requirements into actionable security programmes.