Core Frameworks
Framework fluency built into every engagement.
We map Microsoft 365 controls to leading regulatory and certification frameworks. Our core delivery focus is on UK, EU / EEA (Norway in particular), and UAE environments.
International Standards
ISO 27001
ISO/IEC 27001:2022
ISO 27001 certification is increasingly a procurement prerequisite. Without it, organisations face exclusion from enterprise supply chain shortlists and heightened scrutiny from insurers and regulators.
ISO 27701
ISO/IEC 27701:2019
Without certified privacy controls, data-sharing agreements stall and regulatory exposure compounds across every jurisdiction you operate in.
ISO 42001
ISO/IEC 42001:2023
Deploying enterprise AI without a certified governance framework exposes the board to unquantified intellectual property and regulatory risk.
SOC 2
SOC 2 Type II
A qualified SOC 2 opinion—or the absence of one—directly determines whether enterprise clients will onboard or renew your contract.
PCI DSS
PCI DSS v4.0.1
Loss of PCI DSS compliance can trigger acquirer fines, suspension of card processing, and breach of your contract with the payment processor, with the financial consequences falling directly on the business.
Global Frameworks
HIPAA
HIPAA / HITECH
Mishandling of Protected Health Information carries significant civil penalties and personal criminal liability for responsible officers.
NIST CSF
NIST CSF 2.0
Boards, insurers, and procurement teams treat NIST CSF alignment as the baseline measure of whether management is governing cyber risk responsibly.
European Union
EU GDPR
EU General Data Protection Regulation
With statutory fines of up to EUR 20 million or 4% of global annual turnover, whichever is higher, and a single 2023 penalty already reaching EUR 1.2 billion, GDPR non-compliance is a material financial risk that demands board-level ownership.
DORA
Digital Operational Resilience Act
DORA transforms ICT risk management from an IT concern into a board-level legal liability for every EU financial entity and its critical technology providers.
NIS2
NIS2 Directive
NIS2 introduces direct accountability for management bodies that fail to oversee cybersecurity risk across the 18 sectors it designates as essential or important.
EU AI Act
EU Artificial Intelligence Act
The EU AI Act imposes fines of up to EUR 35 million or 7% of global annual turnover for prohibited AI practices, with lower tiers for other breaches; a Copilot rollout with no governance over use cases and data makes that exposure a material commercial risk.
United Kingdom
Cyber Essentials
Cyber Essentials Plus
Cyber Essentials certification is a mandatory condition for many UK central government contracts that involve handling sensitive or personal data; without it, your firm is excluded from those bids and faces higher cyber insurance premiums.
UK GDPR
UK General Data Protection Regulation
Post-Brexit divergence means UK organisations must now navigate two parallel GDPR regimes, with the ICO imposing fines up to GBP 17.5 million or 4% of global turnover.
FCA
FCA Operational Resilience
The FCA's 31 March 2025 deadline has passed, so firms must now demonstrate, not merely plan, their ability to remain within impact tolerances during disruption.
Need help with a specific framework?
Start with a Compliance & Evidence Readiness Sprint scoped to your target framework.
Start a readiness sprint