📊  Compliance Hub

39 IT Compliance Frameworks Explained & Mapped

The most comprehensive IT compliance reference for Indian enterprises — every major framework across InfoSec, Data Privacy, Cloud, AI, Telecom, Data Center, Supply Chain, AppSec, and Finance, with EnterWeb’s field-proven implementation guidance.

39 Frameworks · 9 Categories · 12+ Jurisdictions · Free, Always
Tier: 🔴 Regulatory 🟢 Certifiable 🔵 Framework ⚪ Standard
🛡️ Category: InfoSec & IT Governance (6 Frameworks)

ISO 27001:2022 · 🟢 Certifiable
🏢 ISO / IEC
The global gold standard for Information Security Management Systems (ISMS). Defines 93 controls across 4 domains and drives systematic risk management.

NIST CSF 2.0 · 🔵 Framework
🏢 NIST (USA)
The most widely adopted cybersecurity framework — updated in 2024 with a new Govern function. Maps Identify, Protect, Detect, Respond, Recover across all sectors.

CIS Controls v8 · 🔵 Framework
🏢 Center for Internet Security
18 prioritised security controls organised into IG1/IG2/IG3 implementation groups. Practical, prescriptive, and free to use.

COBIT 2019 · 🔵 Framework
🏢 ISACA
IT governance and management framework for enterprise IT. Bridges business objectives with IT controls through 40 governance/management objectives.

SOC 2 Type II · 🟢 Certifiable
🏢 AICPA
Trust Services Criteria audit across Security, Availability, Confidentiality, Processing Integrity, and Privacy. Essential for SaaS and managed service providers.

ISO 20000-1 · 🟢 Certifiable
🏢 ISO / IEC
International standard for IT Service Management (ITSM). Aligns IT services with business needs through structured processes for incident, change, and availability management.
🔒 Category: Data Privacy (5 Frameworks)

GDPR · 🔴 Regulatory
🏢 European Commission
Regulation (EU) 2016/679 — the world's most influential data protection law. Applies to any organisation processing personal data of EU residents.

DPDP Act 2023 · 🔴 Regulatory
🏢 MeitY / Govt of India
India's landmark digital privacy law — the Digital Personal Data Protection Act 2023. Mandates consent management, data fiduciary obligations, and grievance redressal.

ISO 27701 · 🟢 Certifiable
🏢 ISO / IEC
Privacy Information Management System (PIMS) — extends ISO 27001 with privacy controls for both data controllers and processors.

CCPA / CPRA · 🔴 Regulatory
🏢 California DOJ
California Consumer Privacy Act and California Privacy Rights Act — foundational US state privacy law with consumer rights to opt-out and data deletion.

PDPA (APAC) · 🔴 Regulatory
🏢 PDPC / Govts
Personal Data Protection Acts across Thailand, Singapore, and ASEAN — relevant for Indian BPO/IT firms serving APAC markets.
☁️ Category: Cloud Computing (4 Frameworks)

CSA STAR · 🟢 Certifiable
🏢 Cloud Security Alliance
Cloud-specific security assurance — Level 1 (self-assessment), Level 2 (third-party audit). Built on ISO 27001 + CCM (Cloud Controls Matrix).

FedRAMP · 🔴 Regulatory
🏢 US GSA / FedRAMP PMO
US federal cloud security authorisation programme — mandatory for cloud services hosting US government data. ATO, 3PAO, and continuous monitoring.

ISO 27017 / 27018 · ⚪ Standard
🏢 ISO / IEC
ISO 27017 adds cloud-specific controls to ISO 27001. ISO 27018 protects Personally Identifiable Information (PII) in public cloud environments.

BSI C5 · 🟢 Certifiable
🏢 BSI Germany
Cloud Computing Compliance Criteria Catalogue — Germany's official cloud security framework. Increasingly required for EU public sector cloud procurement.
🤖 Category: Artificial Intelligence (3 Frameworks)

ISO 42001:2023 · 🟢 Certifiable
🏢 ISO / IEC
World's first international standard for AI Management Systems (AIMS). Provides governance, risk, and accountability structures for AI development.

NIST AI RMF 1.0 · 🔵 Framework
🏢 NIST (USA)
AI Risk Management Framework — four core functions: Govern, Map, Measure, Manage. Helps organisations build trustworthy, responsible AI systems.

EU AI Act · 🔴 Regulatory
🏢 European Commission
World's first comprehensive AI law — risk-based classification (Minimal, Limited, High, Unacceptable). Applies to AI systems deployed in the EU from 2026.
📡 Category: Telecom, ISP & BPO (5 Frameworks)

DoT OSP / Unified License · 🔴 Regulatory
🏢 Dept of Telecom, India
Indian DoT licensing framework for OSP (Other Service Providers), ISPs, NLDs, ILDs — mandatory for BPO, call centres, ILL providers, and VoIP operators.

TRAI / LIM · 🔴 Regulatory
🏢 TRAI / DoT India
Lawful Interception and Monitoring (LIM) requirements for Indian ISPs and telecom operators — mandatory network-level capabilities for law enforcement.

MEF 3.0 · ⚪ Standard
🏢 Metro Ethernet Forum
MEF 3.0 Lifecycle Service Orchestration — standards for SD-WAN, cloud connectivity, and carrier Ethernet services across multi-carrier environments.

STIR / SHAKEN · ⚪ Standard
🏢 ATIS / IETF
Caller ID authentication standard that digitally signs SIP calls to combat robocall spoofing. Mandatory for US carriers; being adopted globally.

TL 9000 · 🟢 Certifiable
🏢 QuEST Forum
Telecom-specific quality management system built on ISO 9001 — adds KPIs, release management, and reliability requirements for telecom products and services.
🔌 Category: Data Center & Hardware (4 Frameworks)

ANSI/TIA-942 · ⚪ Standard
🏢 TIA / ANSI
Data centre infrastructure standard — defines Rated-1 to Rated-4 tiers for site infrastructure, power, cooling, cabling, and architectural requirements.

Uptime Institute Tier · 🟢 Certifiable
🏢 Uptime Institute
Tier I–IV certification for data centre reliability. Tier IV requires 99.995% uptime with fully fault-tolerant power and cooling infrastructure.

NEBS · ⚪ Standard
🏢 Telcordia / ATIS
Network Equipment Building System — safety, EMC, and environmental standards for telecom network equipment deployed in central offices and data centres.

ASHRAE TC 9.9 · ⚪ Standard
🏢 ASHRAE
Thermal guidelines for data centre environments — defines temperature/humidity ranges (A1–A4 classes) and cooling efficiency metrics like PUE.
📦 Category: TPVA & Supply Chain (3 Frameworks)

SIG Questionnaire · 🔵 Framework
🏢 Shared Assessments
Standardised Information Gathering (SIG) — the industry standard third-party vendor risk assessment questionnaire covering 20 risk domains.

TISAX · 🟢 Certifiable
🏢 VDA ENX
Trusted Information Security Assessment Exchange — mandatory for automotive supply chain. Required by BMW, Volkswagen, Mercedes, and Tier 1/2 suppliers.

ISO 28000 · 🟢 Certifiable
🏢 ISO
Supply Chain Security Management Systems — risk-based framework for identifying threats, assessing vulnerabilities, and implementing supply chain controls.
📋 Category: AppSec & SDLC (4 Frameworks)

OWASP SAMM v2 · 🔵 Framework
🏢 OWASP
Software Assurance Maturity Model — 15 security practices across Governance, Design, Implementation, Verification, and Operations, each with 3 maturity levels.

ISO 27034 · ⚪ Standard
🏢 ISO / IEC
Application security standard that defines the Organisational Normative Framework (ONF) and Application Normative Framework (ANF) for secure software development.

PCI SSF · 🟢 Certifiable
🏢 PCI SSC
PCI Software Security Framework — modern replacement for PA-DSS. Covers the Secure SLC (lifecycle) and Secure Software standards for payment application security.

CMMC 2.0 · 🔴 Regulatory
🏢 US DoD
Cybersecurity Maturity Model Certification — 3-level framework (Foundational, Advanced, Expert) for US Department of Defense supply chain contractors.
🏥 Category: Finance & Healthcare (5 Frameworks)

PCI DSS v4.0 · 🔴 Regulatory
🏢 PCI SSC
Payment Card Industry Data Security Standard v4.0 — mandatory for any organisation storing, processing, or transmitting cardholder data. 12 core requirements.

DORA · 🔴 Regulatory
🏢 European Commission
EU Digital Operational Resilience Act — mandatory ICT risk management for financial entities in the EU from January 2025. Covers TLPT, incident reporting, DORA registry.

HIPAA / HITECH · 🔴 Regulatory
🏢 US HHS
US Health Insurance Portability and Accountability Act — mandatory for healthcare providers, insurers, and business associates handling Protected Health Information (PHI).

HITRUST CSF · 🟢 Certifiable
🏢 HITRUST Alliance
Health Information Trust Alliance Common Security Framework — risk-based, certifiable framework harmonising HIPAA, ISO 27001, NIST, and PCI DSS for healthcare.

RBI Cyber Security Framework · 🔴 Regulatory
🏢 Reserve Bank of India
RBI Master Direction on IT and Cyber Security for banks and NBFCs — mandates CISO appointment, Security Operations Centre, cyber incident reporting, and VAPT.

Not Sure Which Framework You Need?

Our compliance engineers will assess your organisation’s industry, size, geography, and data types to map the exact frameworks applicable to you — with a prioritised, phased roadmap and cost estimates. Free first session.
