Frameworks
security
availability
processing integrity
confidentiality
privacy
The controls you create will depend on your company's people, technology, and products. Service organizations must protect customer data and products, ensuring a safe and reliable platform for business.
healthcare
phi
privacy
security
compliance
The Health Insurance Portability and Accountability Act (HIPAA) sets national standards to protect individuals' medical records and personal health information. It applies to health plans, clearinghouses, and providers, ensuring the confidentiality and integrity of protected health information (PHI).
privacy
data protection
eu regulation
consent
data transfer
The General Data Protection Regulation (GDPR) is an EU law that enforces strict rules on personal data protection and privacy. It regulates how organizations handle the personal information of EU and EEA residents and controls data transfers outside these areas.
isms
risk management
security controls
asset management
continuous improvement
The international standard for information security management systems (ISMS) offers a systematic way to manage sensitive company information, ensuring its confidentiality, integrity, and availability.
aims
ai governance
responsible ai
risk management
continuous improvement
International standard for Artificial Intelligence Management Systems (AIMS). ISO 42001 provides a framework for establishing, implementing, maintaining, and continually improving AI governance to ensure responsible, effective, and trustworthy use of AI across your organization.
security controls
best practices
risk management
guidelines
information security
International standard providing guidelines for organizational information security standards and information security management practices. ISO 27002 supports the implementation of security controls for managing information security risks.
payment security
cardholder data
network security
encryption
monitoring
The Payment Card Industry Data Security Standard (PCI DSS) is a global security standard for organizations handling credit card information. It sets requirements to ensure a secure environment and protect cardholder data.
identify
protect
detect
respond
recover
The NIST Cybersecurity Framework (NIST CSF) offers voluntary guidelines from the U.S. government to help organizations manage cybersecurity risks.
access control
system security
configuration management
incident response
continuous monitoring
A cybersecurity framework by the National Institute of Standards and Technology (NIST) that outlines security controls for federal information systems.
cui
confidentiality
nonfederal systems
access control
audit & accountability
NIST SP 800-171 outlines security requirements for safeguarding Controlled Unclassified Information (CUI) in non-federal systems.
flexible controls
framework import
tailored compliance
Empower your team to define compliance on your own terms. With Openlane's Custom Framework feature, you can import any set of controls—whether it's an industry standard, a bespoke company policy, or an entirely new security model—and manage them alongside our built-in frameworks.