Coverage

Every regulation we cover, and what's next.

Live regulations are scored end-to-end in an assessment today. In-development regulations are identified as in scope for our roadmap — no committed dates, no promises. This list reflects the current state of the platform.

Live

14 regulations
  • BERMUDA-PIPA
    PrivCom-BM
    Bermuda

    Personal Information Protection Act 2016

    Live
  • BMA-OCRM
    BMA
    Bermuda

    Operational Cyber Risk Management Code of Conduct

    Live
  • CAYMAN-DPA
    CIODP
    Cayman Islands

    Cayman Islands Data Protection Act 2017

    Live
  • CIMA-SoG-Cyber
    CIMA
    Cayman Islands

    Statement of Guidance on Cybersecurity

    Live
  • CSA-NI-31-103
    CSA
    Canada

    CSA NI 31-103 — Cybersecurity Expectations

    Live
  • DORA
    ESAs
    European Union

    Digital Operational Resilience Act

    Live
  • GDPR
    EDPB
    European Union

    General Data Protection Regulation

    Live
  • GLBA-SR
    FTC
    United States

    Gramm-Leach-Bliley Act Safeguards Rule

    Live
  • NYDFS-500
    NYDFS
    New York State

    Cybersecurity Requirements for Financial Services Companies

    Live
  • OSFI-B-10
    OSFI
    Canada

    Third-Party Risk Management

    Live
  • OSFI-B-13
    OSFI
    Canada

    Technology and Cyber Risk Management

    Live
  • PIPEDA
    OPC
    Canada

    Personal Information Protection and Electronic Documents Act

    Live
  • QC-LAW-25
    AMF
    Quebec

    Act respecting the protection of personal information in the private sector

    Live
  • SR-23-4
    FRB-FDIC-OCC
    United States

    Interagency Guidance on Third-Party Relationships: Risk Management

    Live

In development

7 regulations

Identified as in scope. Applicability logic and scoring content is in active development. No commitments on dates.

  • CARIBBEAN-NATIONAL
    DPC-BS
    Bahamas

    Caribbean National Cyber and Financial Codes

    Identified
  • ECCB-CYBER
    ECCB
    Saint Lucia

    ECCB Member Cyber Expectations

    Identified
  • FFIEC-IT
    FFIEC
    United States

    FFIEC IT Examination Handbook

    Identified
  • FINRA-4370
    FINRA
    United States

    FINRA Rule 4370 — Business Continuity Plans and Emergency Contact Information

    Identified
  • NCUA-CYBER
    NCUA
    United States

    NCUA Cybersecurity Expectations

    Identified
  • SEC-PRIVACY
    SEC
    United States

    SEC Cybersecurity Risk Management Rules and U.S. State Privacy Acts

    Identified
  • UK-OPRES
    FCA
    United Kingdom

    UK FCA SYSC and PRA Operational Resilience (SS 2/21)

    Identified