UK Construction (Design and Management) Regulations 2015 (CDM 2015)

United Kingdom (HSE)

v2015

27 domains

51 controls

The Construction (Design and Management) Regulations 2015 (CDM 2015) are the UK's primary regulations for managing health, safety, and welfare in construction projects. They implement the EU Temporary or Mobile Construction Sites Directive (92/57/EEC). CDM 2015 applies to all construction projects regardless of size. Key duty holders: clients, principal designers, principal contractors, designers, and contractors. Requirements include pre-construction information, construction phase plans, health and safety files, worker consultation, and welfare facilities. Enforced by the Health and Safety Executive (HSE).

Unverified

Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.

Framework Domains (27)

Change Control

1 controls

Controls in the Change Control domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-DESIGNCHG	Managing Design Change During Construction	Design changes made after the construction phase begins must be assessed for health and safety impact, with the Principa...

Client Duties

1 controls

Controls in the Client Duties domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-R4	Client Duties (Regulation 4)	Clients must make suitable arrangements for managing a project, ensuring sufficient time and resource for health and saf...

Construction Phase Plan

1 controls

Controls in the Construction Phase Plan domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-R12	Construction Phase Plan	Before construction starts, the Principal Contractor (or sole contractor on single-contractor projects) must prepare a c...

Designer Duties

1 controls

Controls in the Designer Duties domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-R9	Designer Duties (Regulation 9)	Designers must eliminate foreseeable risks where possible, reduce or control risks that remain, and provide information...

Domestic Client

1 controls

Controls in the Domestic Client domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-DOMESTIC	Domestic Client Projects	Where the client is a domestic client, client duties pass by default to the contractor on single-contractor projects or...

Duty Holder Appointment

1 controls

Controls in the Duty Holder Appointment domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-R5	Appointment of Principal Designer and Principal Contractor	On projects with more than one contractor, the client must appoint in writing a Principal Designer for the pre-construct...

Emergency

1 controls

Controls in the Emergency domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-R29	Emergency Procedures and Routes	Suitable emergency procedures, routes, exits and means of warning must be provided and rehearsed to deal with foreseeabl...

General Duties

1 controls

Controls in the General Duties domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-R8	General Duties (Designers and Contractors)	All duty holders must have the necessary skills, knowledge, experience and organisational capability to fulfil their rol...

Handover

1 controls

Controls in the Handover domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-R12-H	Health and Safety File	The Principal Designer must prepare a health and safety file containing information for the safe future use, maintenance...

Incidents

1 controls

Controls in the Incidents domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-ENF	Incident Reporting and Enforcement Liaison	Reportable injuries, dangerous occurrences and ill health must be reported to the HSE under RIDDOR and managed alongside...

Inspection

1 controls

Controls in the Inspection domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-R24	Reports of Inspection	A competent person must inspect specified workplaces at defined intervals and prepare written reports identifying any de...

Notification

1 controls

Controls in the Notification domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-R6	F10 Notification to HSE	Projects lasting longer than 30 working days with more than 20 workers simultaneously, or exceeding 500 person-days, mus...

Occupational Health

1 controls

Controls in the Occupational Health domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-DUST	Construction Dust and Occupational Health	Construction dust including silica, wood and other hazardous substances must be assessed, controlled and monitored to pr...

Part 1 - General Provisions

6 controls

Controls in the Part 1 - General Provisions domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 6 controls
Code	Title	Description
Reg 1	Citation and Commencement	The regulations are cited as CDM 2015 and came into force on 6 April 2015.
Reg 2	Interpretation and Definitions	Key terms including construction work, designer, principal contractor, and domestic client are defined.
Reg 3	Application	The regulations apply to all construction projects in Great Britain including those for domestic clients.
Sec. 1	Short Title and Commencement	Establishes the title of the Act and the date of its commencement.
Sec. 2	Interpretation	Defines key terms including personal data, data subject, data controller, and data processor.
Sec. 3	Scope and Application	Defines the material and territorial scope of the Act.

Part 2 - Client Duties

4 controls

Controls in the Part 2 - Client Duties domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 4 controls
Code	Title	Description
Reg 4	Client Duties in Relation to Managing Projects	Clients must ensure suitable arrangements for managing projects including time and resources for compliance.
Reg 5	Appointment of Principal Designer and Contractor	Clients must appoint a principal designer and principal contractor for projects with more than one contractor.
Reg 6	Notification	Clients must notify the HSE for projects lasting longer than 30 working days with more than 20 workers simultaneously.
Reg 7	Application to Domestic Clients	Domestic client duties transfer to the contractor or principal contractor unless a written agreement states otherwise.

Part 3 - Health and Safety Duties of Other Duty Holders

8 controls

Controls in the Part 3 - Health and Safety Duties of Other Duty Holders domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 8 controls
Code	Title	Description
Reg 10	Designs Prepared Outside Great Britain	Designs prepared outside Great Britain must comply with the same standards when used in GB projects.
Reg 11	Duties of Principal Designer	The principal designer must plan, manage, and monitor the pre-construction phase and coordinate health and safety.
Reg 12	Construction Phase Plan and H&S File	The principal designer must prepare the health and safety file and assist in the construction phase plan.
Reg 13	Duties of Principal Contractor	The principal contractor must plan, manage, and monitor the construction phase to ensure health and safety.
Reg 14	Principal Contractor's Duty to Consult Workers	The principal contractor must consult and engage with workers on health and safety matters.
Reg 15	Duties of Contractors	Contractors must plan, manage, and monitor construction work to ensure it is carried out safely.
Reg 8	General Duties of Designers and Contractors	Designers and contractors must have the skills, knowledge, and experience necessary for the project.
Reg 9	Duties of Designers	Designers must eliminate, reduce, or control foreseeable health and safety risks through design.

Part 4 - General Requirements for All Construction Sites

7 controls

Controls in the Part 4 - General Requirements for All Construction Sites domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 7 controls
Code	Title	Description
Reg 17	Safe Places of Construction Work	Construction sites must be safe and have suitable access and egress routes maintained in safe condition.
Reg 19	Stability of Structures	Steps must be taken to prevent accidental collapse of structures during construction work.
Reg 22	Excavations	All practicable steps must be taken to prevent danger from excavation collapse or falling materials.
Reg 25	Prevention of Drowning	Steps must be taken to prevent persons falling into water or other liquids and to minimize risk of drowning.
Reg 29	Lighting	Suitable and sufficient lighting must be provided at every construction site and on approach routes.
Reg 32	Fire Detection and Firefighting	Suitable fire detection, alarm, and firefighting equipment must be provided on construction sites.
Reg 35	Welfare Facilities	Suitable and sufficient welfare facilities must be provided for construction workers including sanitation and rest areas...

Part 5 - Supplementary and Transitional Provisions

4 controls

Controls in the Part 5 - Supplementary and Transitional Provisions domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 4 controls
Code	Title	Description
Reg 36	Enforcement and Civil Liability	Enforcement provisions and the framework for civil liability in case of regulation breaches are specified.
Sch 1	Particulars to be Notified	The schedule specifies information required in notifications to the HSE for notifiable projects.
Sch 2	Minimum Welfare Facilities	Detailed minimum standards for welfare facilities including sanitary conveniences and washing stations.
Sch 3	Work Involving Particular Risks	A list of construction work involving particular risks such as work near high voltage lines or in contaminated areas.

Principal Contractor

1 controls

Controls in the Principal Contractor domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-R13	Principal Contractor Duties (Regulation 13)	The Principal Contractor must plan, manage, monitor and coordinate health and safety during the construction phase, incl...

Principal Designer

1 controls

Controls in the Principal Designer domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-R11	Principal Designer Duties (Regulation 11)	The Principal Designer must plan, manage, monitor and coordinate health and safety during the pre-construction phase and...

Services

1 controls

Controls in the Services domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-R26	Energy Distribution and Services on Site	Electricity, gas, water and other services on site must be installed, maintained and located so they do not endanger wor...

Site Safety

1 controls

Controls in the Site Safety domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-R19	Workplace Safety on Construction Sites	Construction sites must be organised to provide safe access and egress, prevent unauthorised entry, and control hazards...

Structural Safety

1 controls

Controls in the Structural Safety domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-R22	Stability of Structures and Excavations	Temporary and permanent structures, excavations, cofferdams and caissons must be designed, constructed, maintained and i...

Welfare

1 controls

Controls in the Welfare domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-R17	Welfare Facilities (Schedule 2)	Suitable welfare facilities including sanitary conveniences, washing facilities, drinking water, rest areas and changing...

Workforce

1 controls

Controls in the Workforce domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-R14	Site Induction, Information and Training	The Principal Contractor must ensure every worker receives a suitable site induction and the information and training ne...

Workforce Engagement

1 controls

Controls in the Workforce Engagement domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-R15	Consultation and Engagement with Workers	Contractors must consult workers on matters affecting their health and safety and provide arrangements for engagement th...

Working at Height

1 controls

Controls in the Working at Height domain of UK Construction (Design and Management) Regulations 2015 (CDM 2015) — 1 controls
Code	Title	Description
CDM-HEIGHT	Working at Height	Work at height must be properly planned, supervised and carried out using equipment that minimises the risk of falls and...

Your Compliance Coverage

If you comply with UK Construction (Design and Management) Regulations 2015 (CDM 2015), you already cover:

SASB Standards (ISSB Integrated)

4 controls mapped

Compare →

SASB Standards

4 controls mapped

Compare →

UK Building Safety Act 2022

4 controls mapped

Compare →

+ 271 more: ISO 26000:2010 (6%), NFPA 1600 - Standard on Continuity, Emergency, and Crisis Management (6%)

See all 274 mapped frameworks ↓

Maps to 274 other frameworks

51 total controls

SASB Standards (ISSB Integrated)

4 source controls mapped|4 target controls covered

SASB Standards

4 source controls mapped|4 target controls covered

UK Building Safety Act 2022

4 source controls mapped|3 target controls covered

ISO 26000:2010

3 source controls mapped|1 target controls covered

NFPA 1600 - Standard on Continuity, Emergency, and Crisis Management

3 source controls mapped|1 target controls covered

SA8000:2014 - Social Accountability Standard

3 source controls mapped|1 target controls covered

ISO 22000

3 source controls mapped|1 target controls covered

UK Modern Slavery Act 2015

3 source controls mapped|1 target controls covered

Responsible Minerals Initiative (RMI) - Responsible Minerals Assurance Process

3 source controls mapped|1 target controls covered

ISO 45001

3 source controls mapped|1 target controls covered

ISO/IEC 27004:2016

3 source controls mapped|3 target controls covered

OSFI B-13

3 source controls mapped|1 target controls covered

ISO/IEC 29100:2024

3 source controls mapped|6 target controls covered

NIST SP 800-88

3 source controls mapped|1 target controls covered

ISO 27017

3 source controls mapped|1 target controls covered

Pakistan Personal Data Protection Bill 2023

3 source controls mapped|3 target controls covered

ISO/IEC 27050 - Electronic Discovery (Parts 1-4)

3 source controls mapped|1 target controls covered

SQF Code Edition 9 - Safe Quality Food

3 source controls mapped|1 target controls covered

ISO 22739:2024 - Blockchain and Distributed Ledger Technologies Vocabulary

3 source controls mapped|3 target controls covered

NRC 10 CFR 73.54 - Nuclear Facility Cybersecurity

3 source controls mapped|4 target controls covered

Regional Comprehensive Economic Partnership (RCEP) - E-Commerce Chapter

3 source controls mapped|3 target controls covered

ISO 28001:2007 Supply Chain Security Management

3 source controls mapped|1 target controls covered

OWASP DevSecOps Maturity Model (DSOMM)

3 source controls mapped|3 target controls covered

ISO 26262:2018 - Functional Safety for Road Vehicles

3 source controls mapped|1 target controls covered

21 CFR Part 58 - Good Laboratory Practice (GLP)

3 source controls mapped|2 target controls covered

ISO/IEC 27557:2022 - Organisational Privacy Risk Management

3 source controls mapped|5 target controls covered

ISO/IEC 23837 - Security Requirements for Quantum Key Distribution

3 source controls mapped|3 target controls covered

BRCGS Global Standard for Food Safety Issue 9

3 source controls mapped|3 target controls covered

SWIFT CSCF

3 source controls mapped|3 target controls covered

SWIFT CSCF v2024

3 source controls mapped|3 target controls covered

O-RAN WG11 Security Specification

3 source controls mapped|3 target controls covered

OpenSSF Scorecard

3 source controls mapped|1 target controls covered

PCAOB AS 2201 - Audit of Internal Control Over Financial Reporting (ICFR)

3 source controls mapped|3 target controls covered

TNFD Recommendations

3 source controls mapped|1 target controls covered

AASB S2 Climate-related Disclosures

3 source controls mapped|1 target controls covered

Protective Security Policy Framework (PSPF) Release 2024

3 source controls mapped|2 target controls covered

Illinois Biometric Information Privacy Act (BIPA)

3 source controls mapped|3 target controls covered

NAIC Insurance Data Security Model Law (MDL-668)

3 source controls mapped|4 target controls covered

Modern Slavery Act 2018 (Australia)

3 source controls mapped|3 target controls covered

PCI P2PE

3 source controls mapped|1 target controls covered

AWWA Cybersecurity Guidance for the Water Sector (American Water Works Association)

3 source controls mapped|1 target controls covered

IEC 60601-1 - Medical Electrical Equipment Safety

3 source controls mapped|2 target controls covered

US NRC 10 CFR 73.54 - Cyber Security for Nuclear Power Plants

3 source controls mapped|3 target controls covered

NIST SP 800-137

3 source controls mapped|1 target controls covered

ISO/IEC 29134:2023

3 source controls mapped|5 target controls covered

ISO/IEC 27014:2020

3 source controls mapped|4 target controls covered

TEFCA - Trusted Exchange Framework and Common Agreement

3 source controls mapped|2 target controls covered

FedRAMP High

3 source controls mapped|1 target controls covered

NIST SP 800-53 Revision 5.1 HIGH

3 source controls mapped|1 target controls covered

FedRAMP Moderate

3 source controls mapped|1 target controls covered

NIST SP 800-53 Rev 5 MODERATE

3 source controls mapped|1 target controls covered

NIST SP 800-53 Rev 5 LOW

3 source controls mapped|1 target controls covered

NIST AI Risk Management Framework (AI RMF 1.0)

3 source controls mapped|5 target controls covered

NIST AI 600-1: Generative AI Profile

3 source controls mapped|6 target controls covered

Barbados Data Protection Act 2019

3 source controls mapped|4 target controls covered

ISO/IEC 38500:2024 - Governance of IT

3 source controls mapped|4 target controls covered

Regulation on the European Health Data Space (EHDS)

3 source controls mapped|1 target controls covered

APRA CPS 234

3 source controls mapped|1 target controls covered

ISO/IEC 27400:2022

3 source controls mapped|5 target controls covered

ISO/IEC 27011:2024

3 source controls mapped|3 target controls covered

NIST Special Publication 800-34 Revision 1, Contingency Planning Guide for Federal Information Systems

3 source controls mapped|3 target controls covered

RFC 2350 - Expectations for Computer Security Incident Response (BCP 21)

3 source controls mapped|3 target controls covered

PCI PIN Security

3 source controls mapped|1 target controls covered

AICPA Privacy Management Framework (PMF)

3 source controls mapped|5 target controls covered

PCI SSF

3 source controls mapped|1 target controls covered

PAS 1192-5:2015 - Security-Minded Approach to BIM and Digital Built Environments

3 source controls mapped|2 target controls covered

New Zealand Information Security Manual (NZISM)

3 source controls mapped|2 target controls covered

South Korea Cloud Security Assurance Program (CSAP)

3 source controls mapped|2 target controls covered

ISO/IEC 27006:2024

3 source controls mapped|3 target controls covered

ISO/IEC 17025:2017 - General Requirements for Testing and Calibration Laboratories

3 source controls mapped|3 target controls covered

ISO 15189:2022 - Medical Laboratories Requirements for Quality and Competence

3 source controls mapped|6 target controls covered

Union Customs Code (UCC) - Regulation (EU) No 952/2013

3 source controls mapped|3 target controls covered

Serbia Law on Personal Data Protection (2018)

3 source controls mapped|6 target controls covered

Netherlands GDPR Implementation Act (UAVG - Uitvoeringswet AVG, 2018)

3 source controls mapped|11 target controls covered

UK Gambling Commission - Cyber Resilience Requirements

3 source controls mapped|3 target controls covered

MITRE ATT&CK

3 source controls mapped|1 target controls covered

NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements

3 source controls mapped|3 target controls covered

DAMA-DMBOK2 - Data Management Body of Knowledge (2nd Edition)

3 source controls mapped|3 target controls covered

ISO 8000 - Data Quality

3 source controls mapped|2 target controls covered

AS9100D - Aerospace Quality Management System

3 source controls mapped|1 target controls covered

ISO/IEC 27003:2017

3 source controls mapped|1 target controls covered

OCC Heightened Standards (12 CFR Part 30, Appendix D)

3 source controls mapped|1 target controls covered

ISO/IEC 29147:2018

3 source controls mapped|3 target controls covered

ISO/SAE 21434

3 source controls mapped|1 target controls covered

South Korea Korea Internet Self-Governance Organisation (KISO) Code of Ethics

3 source controls mapped|1 target controls covered

ISO/IEC 23894:2023

3 source controls mapped|4 target controls covered

NIST SP 800-144

3 source controls mapped|1 target controls covered

ISO/IEC 30111:2019

3 source controls mapped|3 target controls covered

Regulation (EU) 2019/1239 on the Maritime Single Window (MSW)

3 source controls mapped|1 target controls covered

Proposal for a Directive on improving working conditions in platform work (COM(2023) 491)

3 source controls mapped|6 target controls covered

Spain Organic Law 3/2018 on Data Protection and Digital Rights (LOPDGDD)

3 source controls mapped|4 target controls covered

MiFID II / MiFIR

3 source controls mapped|4 target controls covered

Rwanda Law No. 058/2021 Relating to the Protection of Personal Data

3 source controls mapped|9 target controls covered

Turkey Personal Data Protection Law (KVKK - Law No. 6698)

3 source controls mapped|6 target controls covered

Uzbekistan Law on Personal Data (No. ZRU-547)

3 source controls mapped|4 target controls covered

Panama Law on Personal Data Protection (Law No. 81 of 2019)

3 source controls mapped|3 target controls covered

Portugal Law No. 58/2019 - Data Protection Implementation Act

3 source controls mapped|8 target controls covered

Montenegro Law on Personal Data Protection (2023)

3 source controls mapped|10 target controls covered

Uruguay Personal Data Protection Act (Law No. 18.331)

3 source controls mapped|6 target controls covered

Romania Law No. 190/2018 on Data Protection Measures (GDPR Implementation)

3 source controls mapped|6 target controls covered

Oman Personal Data Protection Law (Royal Decree 6/2022)

3 source controls mapped|3 target controls covered

Qatar Personal Data Privacy Protection Law (Law No. 13 of 2016)

3 source controls mapped|2 target controls covered

UNCITRAL Model Law on Electronic Commerce (1996, updated 2005)

3 source controls mapped|1 target controls covered

ISO 56002

3 source controls mapped|4 target controls covered

ISO 41001:2018 - Facility Management Systems

3 source controls mapped|3 target controls covered

ISO 39001:2012 - Road Traffic Safety Management

3 source controls mapped|3 target controls covered

ISO 37002:2021 - Whistleblowing Management Systems

3 source controls mapped|3 target controls covered

ISO 50001:2018 - Energy Management Systems

3 source controls mapped|3 target controls covered

ISO 22313:2020 - Guidance on Business Continuity Management Systems

3 source controls mapped|3 target controls covered

South Korea ISMS-P

3 source controls mapped|4 target controls covered

ISO 37000:2021 - Governance of Organizations

3 source controls mapped|3 target controls covered

Austria Data Protection Act (Datenschutzgesetz, DSG, amended 2018)

3 source controls mapped|5 target controls covered

MTCS (Singapore)

3 source controls mapped|1 target controls covered

NIST SP 800-190

3 source controls mapped|1 target controls covered

ISO 27043

3 source controls mapped|1 target controls covered

OWASP Top 10:2025

3 source controls mapped|1 target controls covered

COBIT 2019

3 source controls mapped|1 target controls covered

USMCA Chapter 19 - Digital Trade (United States-Mexico-Canada Agreement)

3 source controls mapped|2 target controls covered

NIS2 Directive

3 source controls mapped|8 target controls covered

Vietnam Law on Cybersecurity (No. 24/2018/QH14)

3 source controls mapped|8 target controls covered

South Korea Credit Information Act

3 source controls mapped|4 target controls covered

AS9100D:2016 - Quality Management Systems for Aviation, Space, and Defence

3 source controls mapped|1 target controls covered

ISO 20000-1

3 source controls mapped|2 target controls covered

ISO 14001

3 source controls mapped|1 target controls covered

ISO 45001:2018

3 source controls mapped|1 target controls covered

ISO 9001:2015

3 source controls mapped|2 target controls covered

MTCS - Multi-Tier Cloud Security (Singapore)

3 source controls mapped|2 target controls covered

US Foreign Corrupt Practices Act (FCPA)

3 source controls mapped|1 target controls covered

IEC 62304:2015 Medical Device Software Lifecycle Processes

3 source controls mapped|3 target controls covered

Singapore Government Instruction Manual on ICT&SS Management (IM8)

3 source controls mapped|1 target controls covered

OWASP MASVS

3 source controls mapped|1 target controls covered

NIST Post-Quantum Cryptography Standards (FIPS 203, 204, 205)

3 source controls mapped|1 target controls covered

NIST SP 800-61

3 source controls mapped|1 target controls covered

Monetary Authority of Singapore Technology Risk Management Guidelines

3 source controls mapped|1 target controls covered

NIST SP 800-115 (Technical Guide to Information Security Testing and Assessment)

3 source controls mapped|1 target controls covered

ISO 22320:2018

3 source controls mapped|3 target controls covered

NIST SP 800-124 Revision 2 - Guidelines for Managing the Security of Mobile Devices

3 source controls mapped|3 target controls covered

Saudi PDPL

3 source controls mapped|6 target controls covered

NIST SP 800-145

3 source controls mapped|1 target controls covered

Papua New Guinea National Cybersecurity Policy & Cybercrime Act (2016)

3 source controls mapped|2 target controls covered

RBI Cybersecurity Framework for Banks

3 source controls mapped|2 target controls covered

ISO/IEC 27031:2011

3 source controls mapped|1 target controls covered

Science Based Targets initiative (SBTi) Corporate Standard

3 source controls mapped|2 target controls covered

ISO 19650 - Organisation and Digitisation of Information about Buildings and Civil Engineering Works (BIM)

3 source controls mapped|3 target controls covered

ISO/IEC 27007:2020

3 source controls mapped|1 target controls covered

Rhode Island Data Transparency and Privacy Protection Act (RIDTPPA)

3 source controls mapped|7 target controls covered

Wisconsin Data Privacy Act (SB 670)

3 source controls mapped|9 target controls covered

ISO 19011

3 source controls mapped|3 target controls covered

PTES

3 source controls mapped|1 target controls covered

NIST SP 800-82 Revision 3: Guide to Industrial Control Systems (ICS) Security

3 source controls mapped|2 target controls covered

Paraguay Law on Protection of Personal Data (Law No. 6534/2020)

3 source controls mapped|3 target controls covered

SANS Incident Handler's Handbook and PICERL Methodology

3 source controls mapped|2 target controls covered

AWS Well-Architected Security Pillar

3 source controls mapped|1 target controls covered

Azerbaijan Law on Personal Data (2010)

3 source controls mapped|4 target controls covered

ISO 13485

3 source controls mapped|1 target controls covered

ISO 13485:2016

3 source controls mapped|1 target controls covered

FFIEC IT Examination Handbook

3 source controls mapped|1 target controls covered

IEC 62351 - Power Systems Communication Security

3 source controls mapped|1 target controls covered

Notifiable Data Breaches Scheme (Australia)

3 source controls mapped|1 target controls covered

UK Bribery Act 2010

3 source controls mapped|3 target controls covered

Albania Law on Protection of Personal Data (Law No. 9887, 2008, amended 2014)

3 source controls mapped|3 target controls covered

PIC/S Guide to Good Manufacturing Practice for Medicinal Products

3 source controls mapped|3 target controls covered

CISA Cross-Sector Cybersecurity Performance Goals (CPG) 2.0

3 source controls mapped|1 target controls covered

ASIS SPC.1-2009 - Organizational Resilience Standard

3 source controls mapped|1 target controls covered

NIST SP 800-123

3 source controls mapped|1 target controls covered

NIST SP 800-92

3 source controls mapped|1 target controls covered

Nigeria Data Protection Act 2023 (NDPA)

3 source controls mapped|5 target controls covered

Automotive SPICE (ASPICE) v4.0 - Process Assessment Model

3 source controls mapped|2 target controls covered

IAIS Insurance Core Principles (ICPs)

3 source controls mapped|1 target controls covered

OWASP ASVS

3 source controls mapped|1 target controls covered

Annex 11 to EU GMP - Computerised Systems

3 source controls mapped|3 target controls covered

ISO 14064 - Greenhouse Gas Accounting and Verification (Parts 1-3)

3 source controls mapped|1 target controls covered

ISO/IEC 25012:2008 - Data Quality Model

3 source controls mapped|2 target controls covered

PSD2 SCA

3 source controls mapped|1 target controls covered

ISO 27018

3 source controls mapped|1 target controls covered

ISO/IEC 29115:2023 - Entity Authentication Assurance Framework

3 source controls mapped|1 target controls covered

ISO 20400:2017 - Sustainable Procurement

3 source controls mapped|2 target controls covered

W3C Verifiable Credentials (VC) Data Model 2.0

3 source controls mapped|2 target controls covered

NIST SP 800-146

3 source controls mapped|1 target controls covered

Open Banking Security

3 source controls mapped|1 target controls covered

NIST Cybersecurity Framework 2.0

3 source controls mapped|2 target controls covered

Switzerland New Federal Act on Data Protection (nFADP/nDSG, 2023)

3 source controls mapped|4 target controls covered

ISO 31000:2018

3 source controls mapped|1 target controls covered

21 CFR Part 211 - Current Good Manufacturing Practice

3 source controls mapped|1 target controls covered

Azure Security Benchmark

3 source controls mapped|2 target controls covered

NIST SP 800-63-4

3 source controls mapped|1 target controls covered

UK Open Banking Standard

3 source controls mapped|2 target controls covered

MITRE D3FEND

3 source controls mapped|1 target controls covered

Philippines Cybercrime Prevention Act (RA 10175)

3 source controls mapped|1 target controls covered

SSDF (NIST)

3 source controls mapped|1 target controls covered

NATO STANAG 4774 (Confidentiality Metadata Labels) and STANAG 4778 (Metadata Binding)

3 source controls mapped|3 target controls covered

OWASP SAMM

3 source controls mapped|1 target controls covered

SSAE 18 - Attestation Standards (SOC Reporting)

3 source controls mapped|4 target controls covered

SOC 2

3 source controls mapped|5 target controls covered

Singapore Cybersecurity Act 2018

3 source controls mapped|1 target controls covered

South Africa Promotion of Access to Information Act (PAIA)

3 source controls mapped|3 target controls covered

Sweden Data Protection Act (Dataskyddslag, 2018:218)

3 source controls mapped|3 target controls covered

Singapore Payment Services Act 2019 (PSA) - Digital Payment Token Provisions

3 source controls mapped|2 target controls covered

SIG (Shared Assessments)

3 source controls mapped|1 target controls covered

Sri Lanka Personal Data Protection Act (No. 9 of 2022)

3 source controls mapped|4 target controls covered

SWIFT CSP

3 source controls mapped|1 target controls covered

WHO Global Strategy on Digital Health 2020-2025

3 source controls mapped|2 target controls covered

SLSA

3 source controls mapped|1 target controls covered

US Children's Online Privacy Protection Act (COPPA) and COPPA 2.0 Proposed Updates

2 source controls mapped|2 target controls covered

Poland Act on Personal Data Protection (Ustawa o ochronie danych osobowych, 2018)

2 source controls mapped|7 target controls covered

Russia Federal Law on Personal Data (152-FZ)

2 source controls mapped|6 target controls covered

Tennessee Information Protection Act (TIPA)

2 source controls mapped|7 target controls covered

FTC GLBA Safeguards Rule (16 CFR Part 314)

1 source controls mapped|1 target controls covered

French Sapin II Law (Law No. 2016-1691)

1 source controls mapped|1 target controls covered

Florida Digital Bill of Rights (FDBR)

1 source controls mapped|1 target controls covered

US OFAC Sanctions Compliance Framework

1 source controls mapped|1 target controls covered

WCAG 2.2

1 source controls mapped|1 target controls covered

US SEC Digital Assets and Crypto Regulatory Framework

1 source controls mapped|2 target controls covered

UNECE WP.29 R156

1 source controls mapped|1 target controls covered

Singapore Payment Services Act (PSA) - Digital Payment Token Regulation

1 source controls mapped|2 target controls covered

Tanzania Personal Data Protection Act (Draft)

1 source controls mapped|4 target controls covered

Trinidad and Tobago Data Protection Act 2011

1 source controls mapped|4 target controls covered

UK GDPR (UK General Data Protection Regulation)

1 source controls mapped|1 target controls covered

Virginia Consumer Data Protection Act (VCDPA)

1 source controls mapped|1 target controls covered

UK Telecommunications (Security) Act 2021

1 source controls mapped|1 target controls covered

UNECE WP.29 R155

1 source controls mapped|1 target controls covered

UK PSTI Act

1 source controls mapped|1 target controls covered

Peru DPL

1 source controls mapped|3 target controls covered

Senegal Law on Personal Data Protection (Law No. 2008-12)

1 source controls mapped|5 target controls covered

Tunisia Organic Law on Personal Data Protection (Law No. 2004-63)

1 source controls mapped|3 target controls covered

Australian Privacy Principles (APPs)

1 source controls mapped|3 target controls covered

Personal Data Act (personopplysningsloven)

1 source controls mapped|3 target controls covered

Philippines DPA

1 source controls mapped|3 target controls covered

Philippines Data Privacy Act (RA 10173)

1 source controls mapped|6 target controls covered

Rwanda DPL

1 source controls mapped|3 target controls covered

Switzerland FADP

1 source controls mapped|3 target controls covered

Oregon Consumer Privacy Act

1 source controls mapped|3 target controls covered

NIST Privacy Framework Version 1.0

1 source controls mapped|2 target controls covered

GDPR

1 source controls mapped|5 target controls covered

PDPA Thailand

1 source controls mapped|3 target controls covered

UNICEF Policy Guidance on AI for Children (2021)

1 source controls mapped|1 target controls covered

PropTech Security Standards - Smart Building Cybersecurity

1 source controls mapped|2 target controls covered

Privacy and Other Legislation Amendment Act 2024 (Australia)

1 source controls mapped|3 target controls covered

Privacy Act 2020

1 source controls mapped|3 target controls covered

OWASP Top 10 for LLM Applications 2025

1 source controls mapped|1 target controls covered

Nigeria Data Protection Regulation (NDPR)

1 source controls mapped|3 target controls covered

POPIA

1 source controls mapped|3 target controls covered

New Hampshire Data Privacy Act

1 source controls mapped|3 target controls covered

New Jersey Data Privacy Act

1 source controls mapped|3 target controls covered

SOC for Cybersecurity - Cybersecurity Risk Management Examination

1 source controls mapped|1 target controls covered

Mexico LFPDPPP

1 source controls mapped|3 target controls covered

Peru Personal Data Protection Law (Law No. 29733)

1 source controls mapped|5 target controls covered

Student Privacy Pledge 2020

1 source controls mapped|1 target controls covered

Ukraine Law on Personal Data Protection (Law No. 2297-VI)

1 source controls mapped|2 target controls covered

NIST SP 800-122

1 source controls mapped|3 target controls covered

Singapore AI Governance Framework

1 source controls mapped|1 target controls covered

Armenia Law on Protection of Personal Data (2015)

1 source controls mapped|3 target controls covered

NIST Privacy Framework 1.0

1 source controls mapped|3 target controls covered

Turkey KVKK

1 source controls mapped|3 target controls covered

NRF Cybersecurity and Data Privacy Framework (National Retail Federation)

1 source controls mapped|1 target controls covered

Privacy Act 1988 (Australia)

1 source controls mapped|3 target controls covered

Vermont Artificial Intelligence and Consumer Data Act (AICDA)

1 source controls mapped|3 target controls covered

Oman National Cybersecurity Framework

1 source controls mapped|1 target controls covered

Saudi Arabia PDPL

1 source controls mapped|3 target controls covered

Montana Consumer Data Privacy Act

1 source controls mapped|3 target controls covered

Minnesota Consumer Data Privacy Act

1 source controls mapped|3 target controls covered

COSO Internal Control - Integrated Framework (2013)

1 source controls mapped|1 target controls covered

Washington My Health My Data Act (MHMD)

1 source controls mapped|3 target controls covered

Nebraska Data Privacy Act

1 source controls mapped|3 target controls covered

Qatar DPL

1 source controls mapped|3 target controls covered

Mauritius DPA

1 source controls mapped|3 target controls covered

PDPA Singapore

1 source controls mapped|3 target controls covered

Nevada Gaming Control Board Cybersecurity Requirements

1 source controls mapped|1 target controls covered

APPI

1 source controls mapped|3 target controls covered

Vietnam PDPD

1 source controls mapped|3 target controls covered

Nigeria Open Banking Regulatory Framework (CBN, 2023)

1 source controls mapped|3 target controls covered

OECD AI Principles

1 source controls mapped|1 target controls covered

ISO 27001:2022

1 source controls mapped|1 target controls covered

Bahrain PDPL

1 source controls mapped|3 target controls covered

Compare UK Construction (Design and Management) Regulations 2015 (CDM 2015) with SASB Standards (ISSB Integrated)

Frequently Asked Questions

What is UK Construction (Design and Management) Regulations 2015 (CDM 2015)?

UK Construction (Design and Management) Regulations 2015 (CDM 2015) is a compliance framework from United Kingdom (HSE) with 27 domains and 51 controls. The Construction (Design and Management) Regulations 2015 (CDM 2015) are the UK's primary regulations for managing health, safety, and welfare in construction projects. They implement the EU Temporary or Mobile Construction Sites Directive (92/57/EEC). CDM 2015 applies to all construction projects regardless of size. Key duty holders: clients, principal designers, principal contractors, designers, and contractors. Requirements include pre-construction information, construction phase plans, health and safety files, worker consultation, and welfare facilities. Enforced by the Health and Safety Executive (HSE). It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.

How many controls does UK Construction (Design and Management) Regulations 2015 (CDM 2015) have?

UK Construction (Design and Management) Regulations 2015 (CDM 2015) has 51 controls organised across 27 domains. The largest domains are Part 3 - Health and Safety Duties of Other Duty Holders (8 controls), Part 4 - General Requirements for All Construction Sites (7 controls), Part 1 - General Provisions (6 controls). Each control defines specific requirements that organisations must implement to achieve compliance.

What frameworks does UK Construction (Design and Management) Regulations 2015 (CDM 2015) map to?

UK Construction (Design and Management) Regulations 2015 (CDM 2015) maps to 274 other compliance frameworks. The top mapping partners are SASB Standards (ISSB Integrated) (8% coverage), SASB Standards (8% coverage), UK Building Safety Act 2022 (8% coverage). Use our comparison tool to explore control-level mappings between frameworks.

How do I get started with UK Construction (Design and Management) Regulations 2015 (CDM 2015) compliance?

Start your UK Construction (Design and Management) Regulations 2015 (CDM 2015) compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about UK Construction (Design and Management) Regulations 2015 (CDM 2015) requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 51 controls and track your progress.

Start Your Compliance Journey

Create a free account to run self-assessments, get AI advisory, and track your compliance progress across 700 frameworks.

Get Started Free →

Free forever — no credit card required