6clicks Marketplace

Cyber, critical infrastructure & AI standards — all in one place.

The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.

All content · 87 items (page 2 of 2)

Regulation · In 6clicks App

EU AI Act — EU Artificial Intelligence Act

The EU AI Act (Regulation (EU) 2024/1689) is the world’s first comprehensive law regulating artificial intelligence. It establishes a risk-based framework that classifies AI systems into four categories—unacceptable, high-risk, limited-risk, and minimal-risk—with stricter obligations applied to higher-risk systems.

Issuer
European Union
Jurisdiction
European Union
Version
January 2024
Updated
Apr 2021
Tags
artificial intelligence · trustworthy ai

Framework · In 6clicks App

SCF — Secure Controls Framework

The Secure Controls Framework (SCF) is a comprehensive, free cybersecurity and data privacy metaframework designed to simplify compliance and build secure, resilient organizations. It unifies control sets to simultaneously meet compliance requirements across multiple laws, regulations, and frameworks.

Issuer
Secure Controls Framework (SCF) Council
Version
2023.2
Tags
cybersecurity · compliance

Guideline · In 6clicks App

Cyber Essentials v3.2 — Cyber Essentials Requirements for IT Infrastructure

Cyber Essentials is a UK government-backed scheme focused on protecting IT infrastructure from common cyber threats. Version 3.2 outlines updated security controls and practices.

Issuer
UK National Cyber Security Centre (NCSC)
Jurisdiction
United Kingdom
Version
3.2
Tags
cybersecurity · IT infrastructure

Regulation · In 6clicks App

EU Data Act — Regulation on harmonised rules on fair access to and use of data (Data Act)

The Data Act is an EU regulation that aims to establish fair rules for access to and use of data generated by connected devices. It promotes data sharing, safeguards user rights, and prevents unfair practices while supporting innovation and the data economy.

Issuer
European Commission
Jurisdiction
European Union
Version
(EU) 2023/2854
Updated
Dec 2025
Tags
data sharing · iot

Guideline · In 6clicks App

RG 175 — RG 175 AFS licensing: Financial product advisers—Conduct and disclosure

This regulatory guide outlines the conduct and disclosure obligations of financial product advisers who provide advice to retail clients in Australia. It focuses on requirements under Part 7.7 and Division 2 of Part 7.7A of the Corporations Act.

Issuer
Australian Securities and Investments Commission (ASIC)
Jurisdiction
Australia
Updated
Nov 2024
Tags
financial services · corporations act

Standard · In 6clicks App

ADHICS — Abu Dhabi Healthcare Information and Cyber Security Standard

The AAMEN programme ensures that all healthcare facilities in Abu Dhabi comply with information security and data privacy standards to safeguard patient data. It incorporates the Abu Dhabi Healthcare Information and Cyber Security Standard (ADHICS) and aims to enhance cybersecurity governance, resilience, and innovation in the healthcare sector.

Issuer
Department of Health Abu Dhabi
Jurisdiction
Abu Dhabi, United Arab Emirates
Version
2
Updated
May 2026
Tags
cybersecurity · healthcare

Standard · In 6clicks App

CPS 231 — Prudential Standard CPS 231 Outsourcing

The Prudential Standard CPS 231 establishes requirements for outsourcing arrangements by financial institutions regulated by the Australian Prudential Regulation Authority (APRA). It aims to ensure that risks associated with outsourcing are effectively managed.

Issuer
Australian Prudential Regulation Authority (APRA)
Jurisdiction
Australia
Updated
Jul 2017
Tags
outsourcing · risk management

Guideline · In 6clicks App

RG 1 — RG 1 Applying for and varying an AFS licence

This regulatory guide provides details on the process for applying for and varying an Australian Financial Services (AFS) licence. It outlines ASIC’s approach to assessing applications and the required documentation for submission.

Issuer
Australian Securities and Investments Commission (ASIC)
Jurisdiction
Australia
Tags
afs licence · licensing process

Standard · In 6clicks App

UAE IA V2 — UAE Information Assurance Standard Version 2

The UAE Information Assurance Standard Version 2 (UAE IA V2) is a national cybersecurity framework issued by the UAE Cyber Security Council in 2025. It builds upon the previous version with updated controls and integrations to address modern technologies, such as AI/ML, IoT, cloud, and post-quantum cryptography.

Issuer
UAE Cyber Security Council
Jurisdiction
United Arab Emirates
Version
2.0
Updated
Oct 2025
Tags
cybersecurity · information assurance

Guideline · In 6clicks App

RG 271 — RG 271 Internal Dispute Resolution

This regulatory guide outlines enforceable standards and requirements for internal dispute resolution (IDR) systems for financial firms in Australia. It specifies the obligations these firms must meet to comply with ASIC's IDR standards.

Issuer
Australian Securities and Investments Commission (ASIC)
Jurisdiction
Australia
Updated
Sep 2021
Tags
internal dispute resolution · complaint management

Guideline · In 6clicks App

RG 274 — RG 274 Product Design and Distribution Obligations

This guide, issued by ASIC, outlines obligations for issuers and distributors of financial products under Part 7.8A of the Corporations Act. It provides ASIC's interpretation, expectations for compliance, and approach for administering these obligations.

Issuer
Australian Securities and Investments Commission (ASIC)
Jurisdiction
Australia
Tags
financial products · compliance

Standard · In 6clicks App

VPDSS 2.0 — Victorian Protective Data Security Standards V2.0

The Victorian Protective Data Security Standards (VPDSS) establish 12 high-level mandatory requirements for the protection of public sector information in Victoria, Australia. These requirements cover governance, information, personnel, ICT, and physical security, focusing on a risk-managed approach tailored to the Victorian government context.

Issuer
Office of the Victorian Information Commissioner (OVIC)
Jurisdiction
Victoria, Australia
Version
2.0
Updated
Oct 2019
Tags
data security · public sector

Standard · In 6clicks App

AIUC-1 — AIUC-1

AIUC-1 is a standard focused on the security, safety, and reliability of AI agents used in enterprises. It addresses risks related to data privacy, security, accountability, and societal concerns while providing certification for compliant organizations.

Issuer
Artificial Intelligence Underwriting Company (AIUC)
Version
April 15, 2026
Tags
ai standards · security

Guideline · In 6clicks App

RG 181 — RG 181 AFS licensing: Managing conflicts of interest

This regulatory guide outlines the legal obligations under the Corporations Act for Australian financial services (AFS) licensees to have adequate arrangements to manage conflicts of interest. It provides specific guidance on identifying conflicts, implementing effective arrangements, and managing conflicts using appropriate tools.

Issuer
Australian Securities and Investments Commission (ASIC)
Jurisdiction
Australia
Updated
Dec 2025
Tags
conflicts of interest · afs licensing

Guideline · In 6clicks App

NIST SP 800-39 — NIST Special Publication 800-39 - Managing Information Security Risk: Organization, Mission, and Information System View

NIST SP 800-39 provides guidance for developing an organization-wide program to manage information security risk. It introduces a structured yet flexible framework for assessing, responding to, and monitoring risks associated with federal information systems.

Issuer
National Institute of Standards and Technology (NIST)
Jurisdiction
United States
Updated
Mar 2011
Tags
risk management · information security

Guideline · In 6clicks App

NIST SP 800-82 Rev. 3 — NIST Special Publication 800-82 Rev. 3 - Guide to Operational Technology (OT) Security

This document provides guidance on securing operational technology (OT) systems, which include programmable devices interacting with the physical environment. It addresses unique performance, reliability, and safety requirements, identifies threats, and recommends security measures.

Issuer
National Institute of Standards and Technology (NIST)
Jurisdiction
United States
Version
Revision 3
Tags
operational-technology · industrial-control-systems

Guideline · In 6clicks App

NIST SP 800-171A Rev. 3 — NIST Special Publication 800-171A Rev. 3 - Assessing Security Requirements for Controlled Unclassified Information

This publication provides a methodology and assessment procedures for evaluating security requirements associated with the protection of Controlled Unclassified Information (CUI). It supports compliance with NIST SP 800-171 in nonfederal systems and organizations.

Issuer
National Institute of Standards and Technology (NIST)
Jurisdiction
United States
Version
Revision 3
Updated
Nov 2023
Tags
cui · security requirements

Guideline · In 6clicks App

RG 133 — RG 133 Funds Management and Custodial Services: Holding Assets

RG 133 outlines the Australian financial services (AFS) licence obligations for entities involved in managing and holding client assets. It sets minimum standards that apply to responsible entities of registered managed investment schemes, licensed custody providers, MDA providers, and IDPS operators.

Issuer
Australian Securities and Investments Commission (ASIC)
Jurisdiction
Australia
Updated
Dec 2024
Tags
funds management · custodial services

Guideline · In 6clicks App

NIST SP 800-161 Rev. 1 — NIST Special Publication 800-161 Rev. 1 - Cybersecurity Supply Chain Risk Management Practices for Systems and Organizations

This publication provides guidance on identifying, assessing, and mitigating cybersecurity risks throughout the supply chain. It integrates Cybersecurity Supply Chain Risk Management (C-SCRM) practices into organizational risk management processes.

Issuer
National Institute of Standards and Technology (NIST)
Jurisdiction
United States
Version
Rev. 1, Update 1
Tags
cybersecurity · supply chain

Framework · In 6clicks App

NIST CSF 2.0 — NIST Cybersecurity Framework 2.0

The NIST Cybersecurity Framework 2.0 is a comprehensive framework to help organizations manage and reduce cybersecurity risks. It provides guidelines, tools, and resources for improving cybersecurity practices across diverse sectors.

Issuer
National Institute of Standards and Technology (NIST)
Jurisdiction
United States
Version
2.0
Updated
Feb 2026
Tags
cybersecurity · framework

Regulation · In 6clicks App

GDPR — General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a comprehensive data protection law enacted by the European Union to harmonize privacy regulations across member states. It governs the processing of personal data by organizations operating within the EU and those outside the EU that target EU residents.

Issuer
European Parliament and Council of the European Union
Jurisdiction
European Union
Updated
May 2018
Tags
data protection · privacy

Law · In 6clicks App

APPs — Australian Privacy Principles

The Australian Privacy Principles (APPs) are a set of 13 principles that form the privacy protection framework under the Privacy Act 1988. They govern how personal information is collected, used, disclosed, and managed by organizations and agencies subject to the Act.

Issuer
Office of the Australian Information Commissioner (OAIC)
Jurisdiction
Australia
Tags
privacy · data protection

Law · In 6clicks App

Privacy Act 1988 — Privacy Act 1988

The Privacy Act 1988 is an Australian law that regulates the handling of personal information by businesses, government agencies, and other entities. It includes provisions for the Australian Privacy Principles, credit reporting, and notification of data breaches.

Issuer
Australian Government
Jurisdiction
Australia
Version
No. 119, 1988
Tags
privacy · data protection

Guideline · In 6clicks App

CPG 234 — CPG 234 Information Security

This standard provides information security guidance for Australian financial institutions regulated by APRA. It aims to ensure operational resilience and protect against information security threats.

Issuer
Australian Prudential Regulation Authority (APRA)
Jurisdiction
Australia
Version
June 2019
Updated
Jun 2019
Tags
information security · cyber risk

Guideline · In 6clicks App

CPG 235 — Prudential Practice Guide CPG 235 - Managing Data Risk

The Prudential Practice Guide CPG 235 provides guidance for Australian financial institutions on how to effectively manage data risk. It focuses on identifying, assessing, and mitigating risks associated with data to ensure its integrity, availability, and confidentiality.

Issuer
Australian Prudential Regulation Authority (APRA)
Jurisdiction
Australia
Tags
data risk · prudential guidance

Standard · In 6clicks App

CPS 220 — Prudential Standard CPS 220 Risk Management

CPS 220 is a prudential standard issued by the Australian Prudential Regulation Authority (APRA) outlining risk management requirements for regulated entities. It establishes standards for institutions to identify, assess, and manage risks effectively to ensure financial stability and compliance.

Issuer
Australian Prudential Regulation Authority (APRA)
Jurisdiction
Australia
Updated
Jul 2017
Tags
risk management · governance

Standard · In 6clicks App

CPS 226 — Prudential Standard CPS 226: Margining and Risk Mitigation for Non-centrally Cleared Derivatives

This is an Australian standard issued by APRA outlining the requirements for margining and risk mitigation of non-centrally cleared derivatives. It ensures financial institutions operate with adequate practices to manage counterparty risk.

Issuer
Australian Prudential Regulation Authority (APRA)
Jurisdiction
Australia
Tags
derivatives · risk mitigation

Standard · In 6clicks App

CPS 232 — Prudential Standard CPS 232 Business Continuity Management

CPS 232 is an Australian Prudential Standard that outlines the requirements for regulated entities to maintain and manage effective business continuity plans. It ensures that entities are prepared to address and recover from disruptions to their operations.

Issuer
Australian Prudential Regulation Authority (APRA)
Jurisdiction
Australia
Updated
Jul 2017
Tags
business continuity · resilience

Standard · In 6clicks App

CPS 230 — Prudential Standard CPS 230 Operational Risk Management

CPS 230 sets out requirements for APRA-regulated entities to effectively manage operational risks. It covers obligations on governance, risk frameworks, and risk controls to ensure resilience against operational disruptions.

Issuer
Australian Prudential Regulation Authority (APRA)
Jurisdiction
Australia
Updated
Jul 2023
Tags
operational risk · risk management

Guideline · In 6clicks App

RG 166 — RG 166 AFS Licensing: Financial Requirements

RG 166 provides financial requirements for holders of an Australian Financial Services (AFS) licence, which vary based on the financial products and services offered. It excludes entities regulated by the Australian Prudential Regulation Authority (APRA) that are not required to comply with specific provisions of the Corporations Act 2001.

Issuer
Australian Securities and Investments Commission (ASIC)
Jurisdiction
Australia
Updated
Sep 2023
Tags
afs licensing · financial requirements

Guideline · In 6clicks App

RG 104 — RG 104 AFS Licensing: Meeting the General Obligations

This regulatory guide provides information for Australian Financial Services (AFS) licensees and applicants about compliance with general obligations under section 912A(1) of the Corporations Act. It outlines what ASIC looks for during assessments of compliance.

Issuer
Australian Securities and Investments Commission (ASIC)
Jurisdiction
Australia
Tags
afs · licensing

Guideline · In 6clicks App

RG 105 — RG 105 AFS Licensing: Organisational Competence

This guide outlines the requirements for Australian financial services (AFS) licensees and applicants to meet the 'organisational competence obligation' under the Corporations Act. It provides clarity on compliance expectations relating to the qualifications, experience, and capability of key individuals within the licensee's organization.

Issuer
Australian Securities and Investments Commission (ASIC)
Jurisdiction
Australia
Tags
afs licensing · organisational competence

Standard · In 6clicks App

CPS 510 — Prudential Standard CPS 510 Governance

This is a prudential standard issued by the Australian Prudential Regulation Authority (APRA) to provide requirements for governance of regulated entities. It focuses on promoting sound corporate governance practices.

Issuer
Australian Prudential Regulation Authority (APRA)
Jurisdiction
Australia
Tags
governance · board

Guideline · In 6clicks App

RG 270 — RG 270 Whistleblower Policies

This guide provides entities with information on establishing whistleblower policies that comply with legal obligations under the Corporations Act. It includes guidance for both entities required to have such policies and those managing whistleblowing under legal frameworks.

Issuer
Australian Securities and Investments Commission (ASIC)
Jurisdiction
Australia
Tags
whistleblowing · corporate governance

Guideline · In 6clicks App

RG 259 — RG 259 Risk management systems of fund operators

This regulatory guide provides specific guidance for Australian financial services (AFS) licensees that are responsible entities or corporate directors (fund operators) on how to comply with their obligation under s912A(1)(h) of the Corporations Act 2001 to maintain adequate risk management systems.

Issuer
Australian Securities and Investments Commission (ASIC)
Jurisdiction
Australia
Tags
risk management · fund operators

Standard · Control set · In 6clicks App

ISO/IEC 27001:2013 — ISO/IEC 27001:2013 - Information technology — Security techniques — Information security management systems — Requirements

ISO/IEC 27001:2013 specifies the requirements for establishing, implementing, maintaining, and continually improving an information security management system (ISMS). It also includes guidelines for assessing and addressing information security risks in organizations.

Issuer
ISO/IEC
Jurisdiction
Global
Version
2013
Tags
information security · ISMS

Standard · Control set · In 6clicks App

ISO/IEC 27001:2022 — ISO/IEC 27001:2022 - Information security, cybersecurity and privacy protection — Information security management systems — Requirements

ISO/IEC 27001:2022 is an international standard defining requirements for an information security management system (ISMS). It helps organizations establish, implement, maintain, and continually improve their information security processes to manage data-related risks.

Issuer
ISO/IEC
Jurisdiction
Global
Version
2022
Tags
information security · ISMS
