Standards, Regulations and Frameworks

Find out which standard is the best for your business and how you can find out how well you are doing against each.

Which standard should we align to?

It is important to keep in mind that the standard you select be best suited for both your internal needs and also the needs of your clients and regulators who may require you to meet a certain standard.  

For businesses with immature or unknown capability i.e this is the first time you are assessing your business we recommend starting with a Health Check or SMB 1001.  It is the shortest assessment and focusses on assessing key controls across all 16 practice areas.  

If you do well in the Health Check then you can move on to one of the standards such as ISO 27001 or NIST CSF (if you have a business account) to complete a more in-depth assessment of how mature your controls are across each practice area while also finding out how mature your controls are against the in-scope standards requirements.

Assuredly Health Check

The Assuredly Health Check looks at 25 key controls from across all practice areas that give organisations a view of how well they are managing the fundamentals of information security.

SMB 1001

The SMB1001:2023 Multi-tiered cyber security standard for small and medium businesses is a prescriptive dynamic standard which allows all organisations to start and monitor their journey towards resilience against evolving cyber threats.

The Essential Eight

The Essential Eight are a set of recommended controls designed to protect Microsoft Windows-based internet-connected networks.


AICPA’s  cybersecurity risk management reporting framework helps organisations communicate about and CPAs report on cybersecurity risk management programs.  


The NIST Cybersecurity framework is a voluntary framework consisting of standards, guidelines, and best practices to manage cybersecurity-related risk.

ISO 27001

ISO 27001 Information Security Management Systems is an international standard for information security. ISO 27001’s best-practice approach helps organisations manage their information security by addressing people, processes, and technology.