Regulations & Standards
Securapilot supports a wide range of regulations and standards for information security, data protection and compliance. Choose the frameworks that fit your organization and work systematically towards compliance.
All frameworks in Securapilot
ISO/IEC 27001:2022
The leading international standard for information security management systems (ISMS). Provides a systematic framework for managing sensitive company information and protecting it from threats.
When does it apply?
Organizations that want to establish, implement and certify an information security management system. Suitable for all industries and sizes.
DORA
Digital Operational Resilience Act
EU regulation aimed at strengthening digital operational resilience in the financial sector. Requires financial entities to withstand, respond to and recover from all types of ICT-related disruptions and threats.
When does it apply?
Banks, insurance companies, securities firms, credit institutions and other financial actors within the EU that must comply with new requirements from January 2025.
NIST CSF 2.0
Cybersecurity Framework
A flexible framework developed by NIST to help organizations manage and reduce cybersecurity risks. Built on five core functions: Identify, Protect, Detect, Respond and Recover.
When does it apply?
Organizations seeking a practical and flexible framework for cybersecurity, regardless of size or industry. Particularly popular among organizations operating in the USA.
NIS2 Directive
Network and Information Security Directive 2
The EU's updated directive for network and information security that sets stricter cybersecurity requirements for critical infrastructure. Implemented in Sweden through the Cybersecurity Act effective January 15, 2026.
When does it apply?
Organizations in critical sectors such as energy, transport, healthcare, water supply and digital infrastructure, as well as medium and large companies in these sectors.
SOC 2
System and Organization Controls 2
A framework for service providers that handle customer data, developed by AICPA. Focuses on five principles: Security, Availability, Processing Integrity, Confidentiality and Privacy.
When does it apply?
SaaS companies, cloud service providers and other organizations handling customer data that need to demonstrate adequate security controls to their customers.
CIS Controls
Center for Internet Security Controls
A prioritized set of security measures that provides specific, practical steps to prevent the most common cyber attacks. Divided into three implementation levels based on organizational maturity.
When does it apply?
Organizations that want a practical, prioritized list of security measures to implement. Particularly well-suited as a complement to other frameworks.
ISO 9001:2015
Quality Management Systems
The most recognized international standard for quality management systems. Helps organizations ensure their products and services consistently meet customer and regulatory requirements.
When does it apply?
All organizations that want to improve their quality management, customer satisfaction and operational efficiency, regardless of size or industry.
EU AI Act
Artificial Intelligence Act
The EU's new regulation for artificial intelligence that establishes a risk-based framework for AI systems. Classifies AI systems by risk level and sets requirements for transparency, safety and human oversight.
When does it apply?
Organizations that develop, deploy or use AI systems within the EU. Particularly relevant for high-risk applications in healthcare, education, recruitment and justice.
ISO 27701:2019
Privacy Information Management
An extension of ISO 27001 specifically for managing personal data. Provides guidance for establishing, implementing and improving a privacy information management system (PIMS).
When does it apply?
Organizations that already have ISO 27001 and want to extend their management system to cover GDPR and other privacy regulations.
ISO/IEC 42001:2023
AI Management System
The first international standard for AI management systems. Provides requirements and guidance for establishing, implementing and improving an AI management system.
When does it apply?
Organizations that develop or use AI and want a structured framework for responsible AI use, aligned with the EU AI Act.
TISAX (VDA ISA)
Trusted Information Security Assessment Exchange
An information security assessment framework developed by the German automotive industry. Based on ISO 27001 but with industry-specific additions for the automotive sector.
When does it apply?
Suppliers and service providers in the automotive industry who need to demonstrate compliance with information security requirements to work with car manufacturers.
GDPR
General Data Protection Regulation
The EU's data protection regulation that governs how personal data may be processed. Gives individuals strong rights and places requirements on organizations that handle personal data.
When does it apply?
All organizations that process personal data about EU citizens, regardless of where the organization is based.
How to work with frameworks in Securapilot
Our platform makes it easy to work systematically with multiple frameworks simultaneously.
Select frameworks
Activate the regulations that are relevant to your organization. You can work with several simultaneously.
Map gaps
Perform a GAP analysis to identify which controls you meet and which need remediation.
Implement & follow up
Work systematically with remediation, collect evidence automatically and always be audit-ready.
Features for effective compliance
Automatic mapping
Controls are automatically mapped between frameworks. Fulfill one control and see how it affects multiple standards.
AI assistance
Get help interpreting requirements, suggesting remediation and generating policy documents with built-in AI.
Automatic evidence collection
Link evidence to controls automatically. Always be ready to show auditors your documentation.
Real-time overview
See your compliance status in real time with dashboards showing maturity per framework and area.
Get started with your compliance work
Book a demo and see how Securapilot can help your organization work effectively with the frameworks that matter to you.