Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-compliance
A curated list of tools, frameworks, and resources for IT compliance, security standards, and regulatory requirements
https://github.com/getprobo/awesome-compliance
Last synced: 3 days ago
Frameworks & standards
ESG & sustainability
- CDP - Carbon Disclosure Project (self-declarative).
- GRI Standards - Global Reporting Initiative Standards (self-declarative).
- ISO 45001 - Occupational health and safety (Annual audit).
- ISO 50001 - Energy management (Annual audit).
- SASB Standards - Sustainability Accounting Standards Board framework (self-declarative).
- TCFD - Task Force on Climate-related Financial Disclosures (self-declarative).
- UN SDGs - United Nations Sustainable Development Goals (self-declarative).
- B Corp Certification - B Lab's Impact Assessment (Every three years).
Financial & corporate
- Basel Framework - Banking supervision standards (Regular supervisory reviews).
- FCRA - Fair Credit Reporting Act for consumer data accuracy (Annual audit).
- IFRS - International Financial Reporting Standards (Annual audit).
- OFDSS - Open Financial Data Security Standard for fintech (self-declarative).
- PCI-DSS - Payment Card Industry Data Security Standard for credit card protection (Annual audit).
- SOX ITGC - IT General Controls under Sarbanes-Oxley (Annual audit).
Government & risk management
- CPS234 - Australian Prudential Standard for financial information security.
- ISO 42001 - AI Management System standard.
- NIST CSF - Cybersecurity Framework for managing risk (self-declarative).
Quality management
- AS9100 - Aerospace quality management (Annual surveillance).
- cGMP - FDA inspections required.
- ISO 9001 - Quality management systems (3-year certification cycle).
- ISO 13485 - Medical devices quality management (Annual surveillance).
- ISO 22000 - Food safety management (Annual surveillance).
- ISO/TS 16949 - Automotive quality management (Annual surveillance).
Security, privacy & data protection
- CCPA - California Consumer Privacy Act (self-declarative).
- CMMC - Cybersecurity framework for government contractors (Annual audit).
- FedRAMP - Federal Risk and Authorization Management Program (Annual assessment).
- FISMA - Federal Information Security Modernization Act (Annual audit).
- GDPR - General Data Protection Regulation (Self-assessment with DPO) (self-declarative).
- HIPAA - Health Insurance Portability and Accountability Act (Regular audits required).
- HITRUST CSF - Security framework used in healthcare (Annual audit).
- ISO 27001 - Information security management (Annual audit).
- ISO 27002 - Security controls guidance for ISO 27001 (self-declarative).
- ISO 27017 - Cloud-specific security practices (self-declarative).
- ISO 27018 - Cloud privacy controls for protecting PII (self-declarative).
- ISO 27701 - Privacy Information Management System standard (Annual audit).
- Microsoft SSPA - Microsoft's Supplier Security & Privacy Assurance (Annual audit).
- NIST AI RMF - Risk management framework for AI governance (self-declarative).
- PIPEDA - Personal Information Protection and Electronic Documents Act (self-declarative).
- SOC 1 - Reporting on internal financial controls (Annual audit).
- SOC 2 - Service Organization Control reports (Annual audit).
- SOC 3 - Public report summarizing SOC 2 compliance (Annual audit).
- US Data Privacy (USDP) - Generalized US data privacy regulations (self-declarative).
Tools & software
Compliance automation
- HIPAA One - HIPAA compliance for healthcare businesses.
- Oneleet - End-to-end security compliance automation for SOC 2, ISO 27001, and more.
- Probo - Compliance automation platform for SOC 2, ISO 27001 & more - **Open source**.
- Secureframe - Automated security compliance for SOC 2, ISO 27001, HIPAA.
- Drata - Security compliance automation for SOC 2, ISO 27001, PCI DSS.
- Fortinet - Security compliance automation platform.
- Sprinto - Compliance automation for SOC 2, ISO 27001.
- Scrut - Compliance automation for security frameworks.
- Vanta - Automated security monitoring and SOC 2, ISO 27001, HIPAA compliance.
- Thoropass - Compliance automation and audit management.
- Tugboat Logic - Security assurance platform for SOC 2, ISO 27001.
ESG & sustainability platforms
- Benchmark ESG - ESG performance management.
- Diligent ESG - ESG and board governance.
- Locus Technologies - ESG reporting and EHS compliance.
- Novata - ESG solution.
- Novisto - ESG data management.
- Proof - ESG data management.
- Sametrica - ESG data collection.
- Workiva - Financial and ESG reporting platform.
GRC
- AuditBoard - Audit, risk and compliance management platform.
- Archer - RSA's GRC platform.
- Hyperproof - Compliance operations platform with automated workflows.
- LogicGate - Risk Cloud platform.
- MetricStream - GRC Cloud platform.
- Onspring - Versatile GRC software.
- OneTrust - Privacy & GRC platform.
- ServiceNow GRC - Enterprise GRC platform.
- TrustCloud - GRC automation.
Risk & compliance management
- GRR Rapid Response - Open-source incident response framework by Google. - **Open source**.
Security assessment
- OpenVAS - Vulnerability assessment scanner - **Open source**.
- OSSEC - Host-based Intrusion Detection System - **Open source**.
- Trivy - Vulnerability and compliance scanner for containers and infrastructure - **Open source**.
- Wazuh - Security monitoring platform - **Open source**.
Other resources
Community
- ISO 27001 Forum - ISO27K forum.
- r/Compliance - Reddit compliance community.
Content
- MITRE ATT&CK - Open framework for understanding adversarial tactics and techniques.
- SOC2 FYI - Guide comparing available solutions for SOC 2.
- ISO27001.zip - Implementation guide for ISO 27001.