Standards & Regulations

Quickly and easily manage, track, and harmonize your regulatory compliance.

Curated common industry standards and regulations.

Missing critical regulatory updates can cost you more than just time and money—it can impact your organization’s reputation and shareholder value. But trying to stay on top of the latest updates is a gargantuan undertaking.

That’s why ACL built a dedicated team to research and curate a library of the most common industry standards and regulations. Plus our automated version updates make it easy to map your compliance obligations to your master controls to ensure full regulatory compliance.
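The mapping described above (many regulatory requirements harmonized onto one master control set, re-checked whenever a curated regulation is updated) is easy to model in a few lines. The following is an added example, not ACL's code or library content; the regulation references, control IDs and requirement texts are constructed sample data, and the "version update" is simulated by two hand-written requirement lists.

```python
"""Added example (not ACL's code): map regulatory requirements onto a master
control set and re-check coverage when a curated regulation version changes.
All identifiers and requirement texts below are constructed for illustration."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Requirement:
    reg: str   # regulation identifier, e.g. "12 CFR 229" (sample)
    ref: str   # citation within the regulation, e.g. "229.10" (sample)
    text: str  # requirement text as curated in this version


# Master controls: one control can satisfy requirements from several regulations,
# which is what "harmonizing" obligations onto master controls means in practice.
MASTER_CONTROLS = {
    "MC-01": "Role-based access to customer account data, reviewed quarterly",
    "MC-02": "Funds-availability schedule published and enforced in core banking",
    "MC-03": "Suspicious activity escalated to the BSA officer within 24 hours",
}

# Mapping of (regulation, citation) -> master control IDs (constructed sample).
MAPPING = {
    ("12 CFR 229", "229.10"): {"MC-02"},
    ("12 CFR 229", "229.13"): {"MC-02"},
    ("BSA", "SAR"): {"MC-03"},
}


def coverage_gaps(requirements, mapping):
    """Citations in `requirements` that no master control is mapped to."""
    return [r.ref for r in requirements if not mapping.get((r.reg, r.ref))]


def version_delta(old, new):
    """Diff two curated versions of one regulation by citation.
    Returns (added, removed, changed) citation lists, each sorted."""
    old_by = {r.ref: r for r in old}
    new_by = {r.ref: r for r in new}
    added = sorted(set(new_by) - set(old_by))
    removed = sorted(set(old_by) - set(new_by))
    changed = sorted(ref for ref in set(old_by) & set(new_by)
                     if old_by[ref].text != new_by[ref].text)
    return added, removed, changed


def review_after_update(old, new, mapping):
    """Work items after a version update:
    gaps          - new citations with no master control mapped
    rerationalize - amended citations whose existing mapping must be re-justified
    stale         - removed citations that still have a mapping on file"""
    added, removed, changed = version_delta(old, new)
    reg = (new or old)[0].reg
    return {
        "gaps": [ref for ref in added if not mapping.get((reg, ref))],
        "rerationalize": [ref for ref in changed if mapping.get((reg, ref))],
        "stale": [ref for ref in removed if mapping.get((reg, ref))],
    }


# Constructed sample: one regulation before and after a curated version update.
REG_CC_V1 = [
    Requirement("12 CFR 229", "229.10", "Next-day availability for certain deposits"),
    Requirement("12 CFR 229", "229.13", "Exceptions to the availability schedule"),
    Requirement("12 CFR 229", "229.15", "General disclosure requirements"),
]
REG_CC_V2 = [
    Requirement("12 CFR 229", "229.10", "Next-day availability for certain deposits"),
    Requirement("12 CFR 229", "229.13", "Exceptions to the availability schedule (amended)"),
    Requirement("12 CFR 229", "229.16", "Specific availability policy disclosure"),
]

if __name__ == "__main__":
    print("unmapped in v1:", coverage_gaps(REG_CC_V1, MAPPING))
    print("after update:", review_after_update(REG_CC_V1, REG_CC_V2, MAPPING))
```

The point of keying the diff on the citation rather than on the requirement text is that an amended clause keeps its mapping but lands in the "rerationalize" queue, so the existing control-to-requirement justification is reviewed rather than silently carried forward.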

Standards & Regulations by Content Suite

Banking & Lending

ACL’s content helps increase the value you bring to your organization by providing a lens on emerging risk while staying on top of the latest regulatory requirements. It’s a platform for you to intelligently manage and execute on your strategic agenda. Whether you’re a bank or a credit union, we’ve curated content toolkits to facilitate cross-collaboration between your three lines of defense. In no time, they’ll be speaking one common language and using a common taxonomy.

  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Availability of Funds and Collection of Checks - 12 CFR 229 (FRB Regulation CC). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this regulation.
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Bank Holding Company Act (BHCA) - 12 CFR 225 (FRB Regulation Y). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this regulation.
  • Last updated October 31, 2017

    Unfair, deceptive, or abusive acts and practices (UDAAPs) can cause significant financial injury to consumers, erode consumer confidence, and undermine the financial marketplace. It is unlawful for any provider of consumer financial products or services or a service provider to engage in any unfair, deceptive or abusive act or practice. The CFPB has enforcement authority to prevent unfair, deceptive, or abusive acts or practices in connection with any consumer financial product or service, and has supervisory authority for detecting and assessing risks to consumers and to markets for consumer financial products and services. Consumer Financial Protection Bureau (CFPB) Supervision and Examination Manual (2017) - Unfair, Deceptive or Abusive Acts or Practices (UDAAPs), October 2012.
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Community Reinvestment Act (CRA) - 12 CFR 228 (FRB Regulation BB). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this regulation.
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Debit Card Interchange Fees and Routing - 12 CFR 235 (Regulation II). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this regulation.
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Electronic Funds Transfer Act (EFTA) - 12 CFR 205 (FRB Regulation E). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this regulation.
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Equal Credit Opportunity Act - 12 CFR 1002 (CFPB Regulation B). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this regulation.
  • Last updated October 31, 2017

    The Fair Credit Reporting Act (FCRA) is United States federal legislation that promotes accuracy, fairness and privacy for data used by consumer reporting agencies. Consumer reporting agencies include credit bureaus and other agencies that sell consumer information, such as rental history records. In 2010, the Consumer Financial Protection Bureau (CFPB) was granted rule-making authority under FCRA. On December 21, 2011, the CFPB restated the FCRA regulations under its authority at 12 CFR Part 1022, also known as CFPB Fair Credit Reporting – Regulation V. Consumer Financial Protection Bureau (CFPB). U.S. Government Publishing Office (GPO) Electronic Code of Federal Regulations (eCFR).
  • Last updated October 31, 2017

    The FDIC FIL-50-2001 Banking Technology Bulletin on Outsourcing: Effective Practices for Selecting a Service Provider suggests techniques that can facilitate the process by which financial institutions conduct due diligence and select the best service provider.

    Federal Deposit Insurance Corporation (FDIC) 2001. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FDIC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FDIC, nor has the FDIC partnered with ACL Services Ltd. on this publication.
  • Last updated October 31, 2017

    The FDIC FIL-50-2001 Banking Technology Bulletin on Outsourcing: Techniques for Managing Multiple Service Providers discusses two techniques to manage risks inherent in multiple service provider relationships. The first technique involves the use of a lead contractor to manage the bank’s various technology providers. The second technique, which may present its own set of implementation challenges, involves the use of operational agreements between each of the service providers.

    Federal Deposit Insurance Corporation (FDIC) 2001. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FDIC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FDIC, nor has the FDIC partnered with ACL Services Ltd. on this publication.

  • Last updated October 31, 2017

    The FDIC FIL-50-2001 Banking Technology Bulletin on Outsourcing: Tools to Manage Technology Providers' Performance Risk: Service Level Agreements discusses the Service Level Agreement (SLA) as an effective tool for managing the risks associated with technology outsourcing and describes practices for measuring and monitoring service providers’ performance. 

    Federal Deposit Insurance Corporation (FDIC) 2001. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FDIC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FDIC, nor has the FDIC partnered with ACL Services Ltd. on this publication.
  • Last updated October 31, 2017

    The FDIC Information Technology Risk Examination (InTREx) Program is an enhanced, risk-based approach for conducting IT examinations. The Program helps to ensure that financial institution management promptly identifies and effectively addresses IT and cybersecurity risks.

    Federal Deposit Insurance Corporation (FDIC) 2016. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FDIC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FDIC, nor has the FDIC partnered with ACL Services Ltd. on this publication.
  • Last updated December 1, 2017

    The FDIC's Trust Examination Manual is designed to assist regulators in planning and conducting regulatory examinations of trust departments. The manual serves as a comprehensive reference on trust concepts and principles, on common and statutory law, both State and Federal, and on the applicable regulations that together govern the behavior of fiduciaries.

    Federal Deposit Insurance Corporation (FDIC) 2016. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FDIC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FDIC, nor has the FDIC partnered with ACL Services Ltd. on this publication.
  • Last updated October 31, 2017

    The Bank Secrecy Act (BSA) is legislation that requires U.S. financial institutions to collaborate with the U.S. government in cases of suspected fraud or money laundering. It requires financial institutions to maintain records of transactions and file reports of suspicious activity.

    U.S. Department of Treasury - Office of the Comptroller of the Currency (OCC): Bank Secrecy Act (BSA). As a work of the U.S. government, this product is not subject to copyright protection.

    Federal Financial Institutions Examination Council (FFIEC) 2014: Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, State Liaison Committee. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FFIEC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FFIEC, nor has the FFIEC partnered with ACL Services Ltd. on this publication.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Handbook - Audit 2012. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Handbook - Business Continuity Planning 2015. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Handbook - Development and Acquisition 2004. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Handbook - E-Banking 2003. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated April 30, 2018

    This “Information Security” booklet is an integral part of the Federal Financial Institutions Examination Council (FFIEC) Information Technology Examination Handbook (IT Handbook) and should be read in conjunction with the other booklets in the IT Handbook. This booklet provides guidance to examiners and addresses factors necessary to assess the level of security risks to a financial institution’s information systems. It also helps examiners evaluate the adequacy of the information security program’s integration into overall risk management.

    Federal Financial Institutions Examination Council (FFIEC) 2014: Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, State Liaison Committee. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FFIEC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FFIEC, nor has the FFIEC partnered with ACL Services Ltd. on this publication.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Handbook - Management 2015. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated May 1, 2018

    This booklet is one in a series that comprise the Federal Financial Institutions Examination Council (FFIEC) Information Technology Handbook (IT Handbook). It provides guidance to examiners and financial institutions on risk management processes that promote sound and controlled operation of technology environments.

    Federal Financial Institutions Examination Council (FFIEC) 2014: Board of Governors of the Federal Reserve System, Consumer Financial Protection Bureau, Federal Deposit Insurance Corporation, National Credit Union Administration, Office of the Comptroller of the Currency, State Liaison Committee. As a work of the U.S. government, this product is not subject to copyright protection.

    Note: Use of the FFIEC data labels does not constitute an endorsement, recommendation, or favoring by the U.S. government or the FFIEC, nor has the FFIEC partnered with ACL Services Ltd. on this publication.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Handbook - Outsourcing Technology Services 2004. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Handbook - Retail Payment Systems 2016. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Examination Handbook - Supervision of Technology Service Providers 2012. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated April 30, 2018

    This standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over the guidance provided to examiners in FFIEC IT Handbook - Wholesale Payment Systems 2004. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated May 2, 2018

    The Gramm-Leach-Bliley Act (GLBA) governs the treatment of nonpublic personal information about consumers by financial institutions. In 2000, the Board of Governors of the Federal Reserve System (Board), the Federal Deposit Insurance Corporation (FDIC), the National Credit Union Administration (NCUA), the Office of the Comptroller of the Currency (OCC), and the former Office of Thrift Supervision (OTS) published regulations implementing the provisions of GLBA governing the treatment of nonpublic personal information about consumers by financial institutions. The Consumer Financial Protection Bureau (CFPB) was granted rule-making authority for most provisions of GLBA, as well as examination and enforcement authority with respect to financial institutions and other entities subject to the CFPB's jurisdiction. In December 2011, the CFPB recodified the GLBA regulations under its authority at 12 CFR Part 1016, also known as CFPB Privacy of Consumer Financial Information – Regulation P. Consumer Financial Protection Bureau (CFPB). U.S. Government Publishing Office (GPO) Electronic Code of Federal Regulations (eCFR).
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Home Mortgage Disclosure Act (HMDA) - 12 CFR 1003 (CFPB Regulation C). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this regulation.
  • Last updated October 31, 2017

    The New York State Department of Financial Services (DFS) implemented this Cybersecurity regulation to promote the protection of customer information as well as the information technology systems of regulated entities. The regulation requires banks, insurance companies, and other financial services institutions regulated by the Department of Financial Services to establish and maintain a cybersecurity program designed to protect consumers’ private data and ensure the safety and soundness of New York’s financial services industry.

    New York State Department of Financial Services (DFS). This regulation is available for download at http://www.dfs.ny.gov/legal/regulations/adoptions/dfsrf500txt.pdf.

  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Real Estate Settlement Procedures Act (RESPA) - 12 CFR 1024 (CFPB Regulation X). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this regulation.
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Reserve Requirements of Depository Institutions - 12 CFR 204 (FRB Regulation D). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this regulation.
  • Last updated May 1, 2018

    This regulation is available in ACL's compliance library for organizations seeking to demonstrate coverage over Truth in Lending Act (TILA) - 12 CFR 1026 (CFPB Regulation Z). Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this regulation.

Governments & Higher Education

As a GRC professional, you’re constantly challenged to do more with less. Whether you’re assuring regulatory compliance, managing your organization's evolving risk landscape or protecting against fraud, waste and abuse, we can help. Drawing on decades of experience working with hundreds of governments and educational institutions, ACL is positioned to help you achieve your GRC goals. The toolkits below include an integrated library of standards and regulations and resources to help make your job easier.

  • Last updated May 2, 2018

    The Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99) is a Federal law that protects the privacy of student education records. The law applies to all schools that receive funds under an applicable program of the U.S. Department of Education.

    FERPA gives parents certain rights with respect to their children's education records. These rights transfer to the student when he or she reaches the age of 18 or attends a school beyond the high school level. Students to whom the rights have transferred are "eligible students."

    U.S. Department of Education (ED). U.S. Government Publishing Office (GPO) Electronic Code of Federal Regulations (eCFR).
  • Last updated May 10, 2018

    The Federal Information System Controls Audit Manual (FISCAM 2009) presents a methodology for performing information system control audits of federal and other governmental entities in accordance with professional standards. The focus of FISCAM Chapter 4 is Evaluating and Testing Business Process Application Controls.

    U.S. Government Accountability Office (GAO): Federal Information System Controls Audit Manual (FISCAM), February 2009. As a work of the U.S. government, this product is not subject to copyright protection.
  • Last updated May 10, 2018

    The Federal Information System Controls Audit Manual (FISCAM 2009) presents a methodology for performing information system control audits of federal and other governmental entities in accordance with professional standards. The focus of FISCAM Chapter 3 is Evaluating and Testing General Controls.

    U.S. Government Accountability Office (GAO): Federal Information System Controls Audit Manual (FISCAM), February 2009. As a work of the U.S. government, this product is not subject to copyright protection.
  • Last updated October 31, 2017

    The professional standards presented in this 2011 revision of Government Auditing Standards provide a framework for performing high-quality audit work with competence, integrity, objectivity, and independence to provide accountability and to help improve government operations and services. These standards provide the foundation for government auditors to lead by example in the areas of independence, transparency, accountability, and quality through the audit process. U.S. Government Accountability Office (GAO): Government Auditing Standards, 2011 Revision. 
  • Last updated October 31, 2017

    The Green Book, also known as Standards for Internal Control in the Federal Government, is a framework that sets the internal control standards for federal entities and provides the schema for designing, implementing, and operating an effective internal control system.

    U.S. Government Accountability Office (GAO): Standards for Internal Control in the Federal Government (a.k.a. "Green Book"). As a work of the U.S. government, this product is not subject to copyright protection.
  • Last updated November 1, 2017

    OMB Circular A-133 Subpart F is a comprehensive U.S. federal government guide that identifies important compliance requirements the Federal Government expects to be considered as part of an audit of States, local governments, Indian tribal governments, and nonprofit organizations that administer Federal financial assistance programs.

    Part 4 provides compliance requirements specific to each Federal program. This section contains compliance requirements specific to CFDA 20.600: State and Community Highway Safety.

    U.S. Office of Management and Budget (OMB): Circular A-133 Audits of States, Local Governments, and Non-Profit Organizations. As a work of the U.S. government, this product is not subject to copyright protection.
  • Last updated November 1, 2017

    OMB Circular A-133 Subpart F is a comprehensive U.S. federal government guide that identifies important compliance requirements the Federal Government expects to be considered as part of an audit of States, local governments, Indian tribal governments, and nonprofit organizations that administer Federal financial assistance programs.

    Part 4 provides compliance requirements specific to each Federal program. This section contains compliance requirements specific to CFDA 84.377: School Improvement Grants (Section 1003(g) of the ESEA).

    U.S. Office of Management and Budget (OMB): Circular A-133 Audits of States, Local Governments, and Non-Profit Organizations. As a work of the U.S. government, this product is not subject to copyright protection.
  • Last updated November 20, 2017

    OMB Circular A-133 Subpart F is a comprehensive U.S. federal government guide that identifies important compliance requirements the Federal Government expects to be considered as part of an audit of States, local governments, Indian tribal governments, and nonprofit organizations that administer Federal financial assistance programs.

    Part 4 provides compliance requirements specific to each Federal program. This section contains compliance requirements specific to CFDA 93.558: Temporary Assistance For Needy Families (TANF).

    U.S. Office of Management and Budget (OMB): Circular A-133 Audits of States, Local Governments, and Non-Profit Organizations. As a work of the U.S. government, this product is not subject to copyright protection.
  • Last updated November 20, 2017

    OMB Circular A-133 Subpart F is a comprehensive U.S. federal government guide that identifies important compliance requirements the Federal Government expects to be considered as part of an audit of States, local governments, Indian tribal governments, and nonprofit organizations that administer Federal financial assistance programs.

    Part 4 provides compliance requirements specific to each Federal program. This section contains compliance requirements specific to CFDA 14.195: Section 8 Housing Assistance Payments Program.

    U.S. Office of Management and Budget (OMB): Circular A-133 Audits of States, Local Governments, and Non-Profit Organizations. As a work of the U.S. government, this product is not subject to copyright protection.
  • Last updated November 9, 2017

    OMB Circular A-133 Subpart F is a comprehensive U.S. federal government guide that identifies important compliance requirements. It defines the audit requirements for an organization-wide audit or examination of an entity that expends $750,000 or more of Federal assistance.

    Part 3.1 applies to grants received before December 26, 2014.

    U.S. Office of Management and Budget (OMB): Circular A-133 Audits of States, Local Governments, and Non-Profit Organizations. As a work of the U.S. government, this product is not subject to copyright protection.

  • Last updated October 31, 2017

    OMB Circular A-133 Subpart F is a comprehensive U.S. federal government guide that identifies important compliance requirements the Federal Government expects to be considered as part of an audit of States, local governments, Indian tribal governments, and nonprofit organizations that administer Federal financial assistance programs.

    Part 3.2 applies to new federal awards and incremental funding actions with changed terms and conditions based on the uniform guidance in 2 CFR Part 200 (as adopted or implemented by the federal agencies) made on or after December 26, 2014.

    U.S. Office of Management and Budget (OMB): Circular A-133 Audits of States, Local Governments, and Non-Profit Organizations. As a work of the U.S. government, this product is not subject to copyright protection.
  • Last updated November 29, 2017

    OMB Circular A-133 Subpart F is a comprehensive U.S. federal government guide that identifies important compliance requirements the Federal Government expects to be considered as part of an audit of States, local governments, Indian tribal governments, and nonprofit organizations that administer Federal financial assistance programs.

    Part 4 provides compliance requirements specific to each Federal program. This section contains compliance requirements specific to CFDA 10.558: Supplemental Nutrition Assistance Program (SNAP).

    U.S. Office of Management and Budget (OMB): Circular A-133 Audits of States, Local Governments, and Non-Profit Organizations. As a work of the U.S. government, this product is not subject to copyright protection.

IT Governance

With thousands of industry standards, internal policies, or regulatory requirements, keeping on top of compliance can be daunting. Add in an increasing risk of penalties, brand damage, and the threat of being held personally liable … and it’s overwhelmingly clear how important it is to maintain updated and accurate compliance records. ACL’s curated content subscription integrates common frameworks and automated updates for IT risk & compliance management, making it easy for you to minimize risk exposure and collaborate with your front line.

  • Last updated May 2, 2018

    The AICPA Trust Services Criteria 2016 - SSAE 16/18 SOC 2 standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over SSAE 16/18 SOC 2. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated May 2, 2018

    The AICPA Trust Services Criteria 2017 - SSAE 16/18 SOC 2 standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over SSAE 16/18 SOC 2. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated January 11, 2018

    The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC. The GDPR provides requirements to protect personal data, which can include typical personal or account data that identifies a person. It was created to reshape the way organizations approach data privacy. 

    Official Journal of the European Union. EU publications are all freely available for download at http://eur-lex.europa.eu/. Except where otherwise stated, reuse of the EUR-Lex data for commercial or non-commercial purposes is authorised. 

  • Last updated October 31, 2017

    The Health Insurance Portability and Accountability Act was created to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.

    U.S. Department of Health & Human Services (HHS): Title 45, Subtitle A, Subchapter C, Parts 160, 162 and 164. As a work of the U.S. government, this product is not subject to copyright protection.

  • Last updated May 2, 2018

    The ISACA Privacy Principles 2016 standard is available in ACL's compliance library for organizations seeking to demonstrate coverage over data privacy regulations. Organizations can tie their internal controls, provide rationalization, and report any compliance audit issues related to this standard.
  • Last updated May 2, 2018

    International Standard ISO/IEC 27001:2013 Information Security Management Systems - Requirements provides requirements for establishing, implementing, maintaining and continually improving an information security management system. The adoption of an information security management system is a strategic decision for an organization. The establishment and implementation of an organization’s information security management system is influenced by the organization’s needs and objectives, security requirements, the organizational processes used and the size and structure of the organization. All of these influencing factors are expected to change over time. ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. © ISO. All rights reserved.
  • Last updated May 2, 2018

    International Standard ISO/IEC 27002:2013 Code of Practice for Information Security Controls is designed for organizations to use as a reference for selecting controls within the process of implementing an Information Security Management System (ISMS) based on ISO/IEC 27001 or as a guidance document for organizations implementing commonly accepted information security controls. This standard is also intended for use in developing industry- and organization-specific information security management guidelines, taking into consideration their specific information security risk environment(s). ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. © ISO. All rights reserved.
  • Last updated April 4, 2018

    The NIST Framework for Improving Critical Infrastructure Cybersecurity enables organizations to apply the principles and best practices of risk management to improving the security and resilience of critical infrastructure. The Framework uses common language to address and manage cybersecurity risk in a cost-effective way based on business needs without placing additional regulatory requirements on businesses. Because it references globally recognized standards for cybersecurity, the Framework can be used by organizations located outside the United States and can serve as a model for international cooperation on strengthening critical infrastructure.

    U.S. Department of Commerce: National Institute of Standards and Technology (NIST). NIST publications are all freely available for download at http://csrc.nist.gov/. As a work of the U.S. government, this product is not subject to copyright protection.
  • Last updated October 31, 2017

    NIST SP 800-53 Privacy Controls provide a structured set of controls for protecting privacy and serve as a roadmap for organizations to use in identifying and implementing privacy controls across the entire life cycle of PII (personally identifiable information), whether in paper or electronic form. The controls focus on information privacy as a value distinct from, but highly interrelated with, information security.

    U.S. Department of Commerce: National Institute of Standards and Technology (NIST). NIST publications are all freely available for download at http://csrc.nist.gov/. As a work of the U.S. government, this product is not subject to copyright protection.
  • Last updated October 31, 2017

    NIST SP 800-53 Program Management Controls focus on the organization-wide information security requirements that are independent of any particular information system and are essential for managing information security programs.

    U.S. Department of Commerce: National Institute of Standards and Technology (NIST). NIST publications are all freely available for download at http://csrc.nist.gov/. As a work of the U.S. government, this product is not subject to copyright protection.
  • Last updated October 31, 2017

    NIST SP 800-53 Security Controls are the management, operational, and technical safeguards or countermeasures employed within an organizational information system to protect the confidentiality, integrity, and availability of the system and its information.

    U.S. Department of Commerce: National Institute of Standards and Technology (NIST). NIST publications are all freely available for download at http://csrc.nist.gov/. As a work of the U.S. government, this product is not subject to copyright protection.

    The Federal Risk and Authorization Management Program, or FedRAMP, which this library also covers, is a U.S. government program that standardizes how the Federal Information Security Management Act (FISMA) requirements are applied to cloud computing services used by federal agencies. It provides a standardized approach to security assessment, authorization, and continuous monitoring of cloud-based services.

    U.S. General Services Administration (GSA): Federal Risk and Authorization Management Program (FedRAMP). As a work of the U.S. government, this product is not subject to copyright protection.

  • Last updated May 2, 2018

    Payment Card Industry Data Security Standard (PCI DSS) is a framework that provides a baseline of technical and operating requirements designed to protect cardholder data. It was developed to encourage and enhance cardholder data security and increase adoption of consistent data security measures on a global scale. 

    Portions of this product are provided courtesy of PCI Security Standards Council, LLC ("PCI SSC"). ©[2006-2016] PCI Security Standards Council, LLC. All rights reserved. PCI SSC does not endorse this product, its provider or the methods, procedures, statements, views, opinions or advice contained herein. All references to documents, materials or portions thereof made available by PCI SSC ("PCI Materials") should be read as qualified by the actual PCI Materials. For questions regarding PCI Materials, please contact PCI SSC through its web site at https://www.pcisecuritystandards.org.

Subscription Value

It’s a challenge to understand where risk may exist in material processes across your organization. With literally hundreds of frameworks and even more requirements, where do you even begin to determine the most recent industry framework to use and the most effective controls to implement to illuminate your risks? What you need is a simple way to apply best-practice analytics or implement common industry frameworks (e.g., COSO, COBIT).

With ACL’s Subscription Value Suite, we can help you get off the ground faster. Draw on the experience of ACL and our vast community of users to leverage proven tools and industry-rich knowledge you won’t find anywhere else. Find ready-to-use regulatory standards and frameworks, pre-built analytic scripts and more. There’s no easier path to helping your organization instantly drive performance and make the right strategic decisions.

  • Last updated February 15, 2018

    COBIT® 5 is a comprehensive framework for the governance and management of enterprise IT, widely used as a reference for IT audit and assurance. It helps enterprises create optimal value from IT by maintaining a balance between realizing benefits and optimizing risk levels and resource use.

    This product includes COBIT® 5 Framework, used by permission of ISACA® ©2017 ISACA®. All rights reserved.

    COBIT® is a registered trademark of the Information Systems Audit and Control Association® (ISACA®).
  • Last updated October 31, 2017

    COSO® Internal Control Framework 2013 is an integrated framework that enables organizations to effectively and efficiently develop systems of internal control. Areas covered by COSO® Internal Control Framework 2013 include adapting to changing business and operating environments, mitigating risks to acceptable levels, and supporting sound decision-making and governance of the organization.

    This product includes COSO's 2013 Internal Control - Integrated Framework, used by permission of the Committee of Sponsoring Organizations of the Treadway Commission (COSO). ©2013, Committee of Sponsoring Organizations of the Treadway Commission. All rights reserved.

    COSO is a registered trademark of the Committee of Sponsoring Organizations of the Treadway Commission (COSO).
  • Last updated November 18, 2017

    The IIA® International Standards for the Professional Practice of Internal Auditing (Standards) are a set of principles-based, mandatory requirements consisting of core requirements for the professional practice of internal auditing and for evaluating the effectiveness of its performance, applicable internationally at both the organizational and individual levels. Conformance with the Standards is essential in meeting the responsibilities of internal auditors and the internal audit activity. © 2016 The Institute of Internal Auditors (IIA®).
  • Last updated October 31, 2017

    ISACA® Information Technology Assurance Framework (ITAF™): A Professional Practices Framework for IS Audit/Assurance (3rd Edition) provides guidance, tools, and techniques on the planning, design, conduct, and reporting of IS audit and assurance assignments. ITAF™ also establishes standards that address roles and responsibilities, knowledge and skills, due diligence, and conduct and reporting requirements for IS audit and assurance professionals, as well as defining terms and concepts specific to IS assurance. This product includes ITAF™, used by permission of ISACA® ©2017 ISACA®. All rights reserved.


Strategic Risk Libraries

  • Enterprise Risk Libraries
  • Financial Services - Banks & Lending Enterprise Risks
  • Healthcare - Providers Enterprise Risks
  • And more

Risk & Control Frameworks

  • AGA® Subrecipient Risk Assessment Monitoring Tool 2009 Framework
  • CFPB Electronic Funds Transfer Act (EFTA) 2013 Framework
  • COBIT® 5 Risk & Control Framework
  • And more

Analysis Apps

  • ACH Data Import and Preparation Scripts
  • ACL Academy Online Training
  • ACL Essentials - Accounts Payable
  • And more