Which Compliance Framework Do You Need?
Answer 5 quick questions and we'll recommend the most relevant frameworks from 692+ standards — no sign-up required.
How to Choose the Right Compliance Framework
Choosing a compliance framework starts with understanding your regulatory obligations. Industry-specific regulations like HIPAA (healthcare), PCI DSS (payments), and DORA (financial services) are typically mandatory. Cross-industry standards like ISO 27001 and the NIST Cybersecurity Framework provide voluntary but widely recognised security baselines. Location matters too — GDPR applies to organisations processing EU personal data, while Australia's ISM and PSPF govern government systems.
Our quiz analyses your industry, jurisdiction, data types, maturity level, and priorities to recommend the most relevant frameworks from our database of 692+ standards. Each recommendation includes the reasoning so you can make an informed decision.
Common Requirements by Industry
Healthcare
HIPAA, HL7 FHIR, ISO 13485, IEC 62304, FDA 21 CFR Part 11 — protecting patient data and ensuring medical device safety.
Financial Services
PCI DSS, SOX, DORA, Basel III, GLBA, APRA CPS 234 — securing payment data, financial reporting, and operational resilience.
Technology & Cloud
SOC 2, CSA CCM, FedRAMP, ISO 27017/27018, EU AI Act — demonstrating cloud security and responsible AI governance.
Government & Defence
ISM, PSPF, CMMC, NIST SP 800-53, Essential Eight — meeting classified data handling and critical infrastructure requirements.
Frequently Asked Questions
How do I know which compliance framework I need?
The right framework depends on your industry, location, data types, and business priorities. For example, healthcare organisations handling patient data typically need HIPAA, while companies processing EU personal data need GDPR. Our quiz analyses these factors across 692 frameworks to give personalised recommendations.
What is the difference between GDPR and ISO 27001?
GDPR is a European Union regulation focused specifically on personal data protection and privacy rights. ISO 27001 is an international standard for information security management systems (ISMS) that covers broader security controls. Many organisations need both — GDPR for legal compliance and ISO 27001 for security best practices.
Can I comply with multiple frameworks at once?
Yes — most compliance frameworks share overlapping controls. Cross-framework mapping lets you satisfy multiple standards simultaneously. For example, implementing ISO 27001 controls covers approximately 60-70% of SOC 2 requirements. Our platform maps controls across frameworks to help you maximise coverage with minimal duplication.
This platform provides educational compliance tools, not legal, regulatory, or professional compliance advice. Framework recommendations are generated algorithmically and do not constitute professional guidance. Framework names and trademarks belong to their respective owners. Consult qualified professionals for your specific compliance requirements.