Constantly growing library of security frameworks

Cyberday offers a growing list frameworks that are all cross-linked to our task library. Frameworks provide you with a structured approach; you have something to base your work on and you always know your current security level while building your ISMS. Choose the frameworks that best suit your needs and objectives.

Integrate when needed with Power Automate
Deploy easily as Microsoft Teams app

Explore published and upcoming frameworks

ISO 27001:2022

Cyber security
PRIVACY
PUBLIC SECTOR

Full, certification-level ISMS. Complete set of security controls along with management, auditing and risk evaluation aspects.

  • Management-driven tasks e.g. about ISMS management, risk evaluation and treatment and internal auditing.
  • Advanced tasks e.g. about procurement, physical security, other information assets and vulnerability management
  • Advanced documentation e.g. risks, non-conformities and improvements

ISO 27001:2022 is divided to 3 separate levels in Cyberday, so you can either start small or go for the certification-level ISMS directly.

Learn more about framework

ISO 27001:2013

Cyber security
PUBLIC SECTOR

Full, certification-level ISMS. Complete set of security controls along with management, auditing and risk evaluation aspects.

  • Management-driven tasks e.g. about ISMS management, risk evaluation and treatment and internal auditing.
  • Advanced tasks e.g. about procurement, physical security, other information assets and vulnerability management
  • Advanced documentation e.g. risks, non-conformities and improvements

ISO 27001:2022 is divided to 3 separate levels in Cyberday, so you can either start small or go for the certification-level ISMS directly.

Learn more about framework

NIST Cybersecurity Framework

Cyber security
PUBLIC SECTOR

NIST Cybersecurity Framework is a collaborative effort coordinated by The National Institute of Standards and Technology (NIST, part of the U.S. Department of Commerce) and involving industry, academia, and government.

Framework is designed to help owners and operators of critical infrastructure to identify, assess and manage cyber risks.

  • Advanced tasks e.g. about risk management and incident detection, response and recovery.
  • Advanced documentation e.g. on information security risks
  • Generic cyber security guidelines for empoyees, priviliged users, senior management and other stakeholders.
Learn more about framework

General Data Protection Regulation

PRIVACY
PUBLIC SECTOR

GDPR sets out the requirements for lawful processing of personal data and demonstrating the adequate protection of data.

  • Privacy and personal data handling guidelines for employees
  • Informing, data processor and breach management tasks for admins
  • Data processing, data transfer, privacy risk and DPIA documentation
Learn more about framework

ISO 27017

Cyber security

ISO 27017 is a security standard developed especially for cloud service providers and users to create a safer cloud-based environment and reduce the risk of security incidents.

  • Technical tasks related to cloud environment and shared responsibilities.
  • Advanced tasks e.g. about virtualization and monitoring cloud services

ISO 27017 gives cloud-specific additions to ISO 27001, so these two frameworks should be used together.

ISO 27018

PRIVACY
Cyber security

ISO 27018 is a security standard developed especially for cloud service providers to ensure risks are assessed and controls are implemented to protect personally identifiable information (PII).

  • Documentation related to processing personally identifiable information (PII).
  • Tasks related to purpose, data and retention minimization.
  • Advanced tasks related to the information security while processing PII.

ISO 27018 gives cloud-specific additions to ISO 27001, so these two frameworks should be used together.

ISO 27701

PRIVACY

ISO 27701 is a privacy extension to ISO 27001. The framework aims to upgrade the existing Information Security Management System (ISMS) with additional requirements related to processing and protecting personal data in order to establish also a Privacy Information Management System (PIMS).

  • Documentation related to processing activities, transfers and disclosures of personal data.
  • Tasks related to data subject rights and ensuring lawfulness of processing.
  • Advanced privacy-related tasks about ensuring proper consent and filling other requirements for personal data controllers and processors.

Certifications are available for ISO 27701. As the framework extends ISO 27001, organizations seeking an ISO 27701 certification will need to have the ISO 27001 certification.

ISO 13485:2016

PUBLIC SECTOR
Cyber security

ISO 13485:2016 specifies requirements for an organisation that needs to demonstrate its ability to provide medical devices and related services that consistently meet customer and applicable regulatory requirements.

Organisation utilising ISO 13485 can be involved in one or more stages of the life-cycle (e.g. design, development, production, storage, distribution, installation, or servicing) of a medical device or provision of associated activities (e.g. technical support).

ISO 13485:2016 can also be used by suppliers or external parties that provide product, including quality management system-related services to such organisations.

N.b.! Only the framework structure is currently available in Cyberday.

NIS2 (Directive on security of network and information systems)

PUBLIC SECTOR
Cyber security

NIS 2 sets the baseline for cybersecurity risk management measures and reporting obligations across important industries covered by the directive, such as energy, transport, health, food, waste, public administration and digital infrastructure - and even more importantly to their supply chains.

NIS 2 tigthtens the rules and expand its scope when compared to original NIS Directive from 2016. It also adds top management accountability and tightens sanctions for non-compliance.

SOC 2 (Systems and Organization Controls)

Cyber security

SOC 2 framework specifies how organizations should protect customer data from e.g. unauthorized access, security incidents or other vulnerabilities. It is developed by the American Institute of Certified Public Accountants (AICPA).

SOC 2 includes 5 different requirement sets: security, availability, processing integrity, confidentiality and privacy. A SOC 2 audit can be carried out related to one or all of these criteria. Each criteria has specific requirements that the company needs to comply with by implementing controls.

Cyber Essentials

PUBLIC SECTOR
Cyber security

Cyber Essentials is backed by the United Kingdom's government to help protect organisations, large or small, from cyber attacks. It is a good tool for getting the essentials of cyber security to a level which helps decrease the chance of your organisation to be vulnerable to basic cyber attacks.

  • Tasks for admins regarding firewall, password and device management policies and malware protection, user access control and software management.
  • Guidelines for employees regarding secure password practices and other cyber security basics.
  • Documentation of main software and hardware assets relevant for information security.
Our team is currently working on these frameworks and they will be published soon - in the upcoming weeks.
Coming soon

Cybersecurity Capability Maturity Model (C2M2)

PUBLIC SECTOR
Cyber security

The Cybersecurity Capability Maturity Model (C2M2) helps organizations evaluate their cybersecurity capabilities and optimize security investments.

It uses a set of industry-vetted cybersecurity practices focused on both information technology (IT) and operations technology (OT) assets and environments.

Coming soon

Digital Operational Resilience Act (DORA)

PUBLIC SECTOR
Cyber security

The Digital Operational Resilience Act (DORA) is an EU law on the resilience of digital operations. With the help of DORA, the aim is to achieve uniform high digital resilience in the EU area. It provides uniform requirements regarding information networks and systems that support business processes in the financial sector.

DORA sets requirements, e.g. protection, detection, isolation, recovery and repair in situations related to information security events. In addition, the requirements include extensive risk and incident management, sharing of cyber threats and vulnerabilities, requirements for resilience testing and notification of incidents to the authorities.

These frameworks are scheduled for next months. You can upvote frameworks on your Cyberday account that you would like to see implemented first.

ISO 22301:2019

You can vote for upcoming frameworks inside your own Cyberday account.
PUBLIC SECTOR
Cyber security
PRIVACY

ISO 22301 specifies requirements for building a management system that protects organization's business continuity by ensuring preparedness, response and recovering from disruptions.

  • Documentation about the critical functions of the organization and any related assets on the data processing environment
  • Tasks related to building a strong business continuity policy
  • Guidelines related to continuing operations in cases of adverse events

ISO 22301 is generic and applicable to all organizations, regardless of type, size and nature of the organization. Organization can also get certified against ISO 22301.

These frameworks are scheduled for the future. You can upvote frameworks on your Cyberday account that you would like to see implemented first.

CIS 18 (Critical Security Controls)

You can vote for upcoming frameworks inside your own Cyberday account.
Cyber security

The Center for Internet Security (CIS) has created CIS 18, a prioritized set of best practices created to stop the most pervasive and dangerous cyber security threats of today.

CIS 18 has been developed by leading security experts from around the world and is refined and validated every year.

IEC 62443

You can vote for upcoming frameworks inside your own Cyberday account.
Cyber security

IEC 62443 focuses on the safety of industrial automation and control systems (IACS). The requirements are designed to provide a framework for creating, implementing, operating, monitoring, verifying and improving security of IACS.

The requirements are relevant to several industrial sectors, such as manufacturing, energy and other critical infrastructure.

HIPAA (U.S. Health Insurance Portability and Accountability Act)

You can vote for upcoming frameworks inside your own Cyberday account.
PUBLIC SECTOR
Privacy
Cyber security
Health care

HIPAA is a series of regulatory standards outlining the lawful use and disclosure of protected health information (PHI). HIPAA compliance is regulated in the USA by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR).

Payment Card Industry Data Security Standard (PCI DSS)

You can vote for upcoming frameworks inside your own Cyberday account.
Cyber security

The Payment Card Industry Data Security Standard (PCI DSS) was developed to encourage and enhance payment card account data security and facilitate the broad adoption of consistent data security measures globally.

PCI DSS provides a baseline of technical and operational requirements designed to protect account data. While specifically designed to focus on environments with payment card account data, PCI DSS can also be used to protect against threats and secure other elements in the payment ecosystem.

Would you like to see a new framework? Tell us!

Fill a short form about a framework you would like to see in our tool and we will review it ASAP!
Ask for a new framework
Thank you! We received your message and will be in touch if relevant!

Kind regards,
Cyberday team 👋
Oops! Something went wrong while submitting the form.