MSP Compliance Frameworks

60+ Cybersecurity Frameworks Supported

Hit the ground running on your compliance journey. Review ControlMap’s supported MSP compliance frameworks by region and industry, so you can find the most relevant frameworks for your business or your client.

Frameworks to Support Every Client


Compliance Standards to Start With

Get familiar with the most common cybersecurity compliance standards — no matter where you are and which industries you work with.

SOC 2 Type I & II

The five Trust Services criteria:

Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 helps organizations safeguard customer data. SOC stands for System and Organization Controls; SOC 2 is built on five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy. SOC 2 compliance is a critical framework for MSPs and their clients.

ISO 27001 (2022)

Implement and maintain an ISMS:

ISO 27001 is the internationally recognized standard for implementing and managing an Information Security Management System (ISMS). It should not be confused with ISO 27701, ISO 27017, or ISO 27018. ISO 27001 requirements are the standard used to pass an audit, guaranteeing that a business’s security protocols are up-to-date.

PCI DSS

Secure credit card data:

The Payment Card Industry Data Security Standard (PCI DSS) is essential for anyone handling credit card information. These standards are designed to protect and secure payment accounts throughout the transaction process. All companies that accept, process, store, or transmit credit card data should be sure to abide by these standards. PCI compliance standards are a pillar in e-commerce.

HIPAA

Securing personal health info:

HIPAA stands for the Health Insurance Portability and Accountability Act of 1996. It’s a federal standard specifically for protected health information (PHI). Regulated by the Office for Civil Rights, HIPAA outlines the permissible use and disclosure of PHI in the USA as set forth by HHS guidelines. HIPAA compliance is absolutely crucial for all healthcare businesses and anyone who handles personal health data for customers and clients.

GDPR

The European mega-mandate:

Working in the EU? You need to know about GDPR compliance. With 99 distinct articles, this set of data protection regulations is one of the world’s most comprehensive frameworks. It’s designed to give people full control over information associated with them by limiting how organizations can use personal data.

CIS Controls

Cybersecurity best practices:

The CIS Critical Security Controls (CIS Controls) are a globally adopted set of best practices used to strengthen an organization’s cybersecurity. They are continually updated, and they prioritize and simplify the steps needed for a strong cybersecurity defense. Compliance software should map to these CIS Controls to maintain adequate cybersecurity and compliance.

NIST CSF 2.0

The flexible add-on:

Updated in 2024, the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0 is a comprehensive — yet flexible — set of standards, guidelines, and best practices.

The NIST cybersecurity framework is meant to be implemented alongside existing security processes in any industry.

CMMC 2.0

For defense contractors:

The U.S. Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) was introduced to ensure that all defense contractors use security protocols to protect sensitive defense information.

Companies responsible for handling Controlled Unclassified Information (CUI) or Federal Contract Information (FCI) must meet the CMMC requirements to remain compliant. CMMC compliance requirements are non-negotiable — this framework must be followed for MSPs and clients who work in the defense sector.

FTC Safeguards Rule

Rules for financial institutions:

The FTC Safeguards Rule ensures that entities covered by the Rule maintain safeguards to protect customer information. It applies to financial institutions subject to the FTC’s jurisdiction that aren’t subject to the enforcement authority of another regulator under section 505 of the Gramm-Leach-Bliley Act, 15 U.S.C. § 6805.

Take the First Step Towards Compliance

Whether you’re offering Compliance as a Service, becoming a vCISO, or securing compliance for your MSP business — ControlMap is the guide you need.