Cyber, critical infrastructure & AI standards — all in one place.
The latest standards, laws and regulations, with curated metadata, mapped controls and expert guidance from 6clicks. Built for GRC, compliance and security teams.
All content · 15 items
Corporations Regulations 2001 — Corporations Regulations 2001
The Corporations Regulations 2001 is a set of legislative rules in Australia that provide detailed regulations supporting the Corporations Act 2001. It governs key aspects of corporate governance, financial reporting, and administration within Australian companies.
- Issuer: Australian Government
- Jurisdiction: Australia
- Version: 01 January 2022
- Updated: Jan 2022
Corporations Act 2001 — Corporations Act 2001
The Corporations Act 2001 is Australia’s primary legislation regulating companies and other business entities. It outlines fiduciary duties for directors, including acting in good faith, exercising care and diligence, avoiding improper use of information or position, and disclosing certain interests.
- Issuer: Australian Government
- Jurisdiction: Australia
- Version: 28 September 2017
- Updated: Nov 2024
ISO/IEC 42001 — ISO/IEC 42001:2023 - Artificial Intelligence Management System
ISO/IEC 42001:2023 is the first international standard for Artificial Intelligence Management Systems (AIMS). It provides requirements for establishing, implementing, maintaining, and improving AIMS, focusing on the responsible use, governance, and risk management of AI across organizations.
- Issuer: ISO/IEC
- Version: 2023
- Updated: Dec 2023
CPS 230 — Prudential Standard CPS 230 Operational Risk Management
CPS 230 sets out requirements for APRA-regulated entities to effectively manage operational risks. It covers obligations on governance, risk frameworks, and risk controls to ensure resilience against operational disruptions.
- Issuer: Australian Prudential Regulation Authority (APRA)
- Jurisdiction: Australia
- Updated: Jul 2023
RG 259 — RG 259 Risk management systems of fund operators
This regulatory guide provides specific guidance for Australian financial services (AFS) licensees that are responsible entities or corporate directors (fund operators) on how to comply with their obligation under s912A(1)(h) of the Corporations Act 2001 to maintain adequate risk management systems.
- Issuer: Australian Securities and Investments Commission (ASIC)
- Jurisdiction: Australia
CMMC — Cybersecurity Maturity Model Certification
The Cybersecurity Maturity Model Certification (CMMC) Assessment Guide defines how organizations are evaluated for compliance with cybersecurity requirements when working with the U.S. Department of Defense. It outlines assessment methods, evidence expectations, and control validation aligned with standards like NIST SP 800-171. The guide ensures consistent and rigorous verification of an organization’s ability to protect sensitive information.
- Issuer: US Government
- Jurisdiction: United States
- Version: 2.13
CPS 510 — Prudential Standard CPS 510 Governance
This is a prudential standard issued by the Australian Prudential Regulation Authority (APRA) to provide requirements for governance of regulated entities. It focuses on promoting sound corporate governance practices.
- Issuer: Australian Prudential Regulation Authority (APRA)
- Jurisdiction: Australia
SPS 310 — Prudential Standard SPS 310 Audit and Related Matters
Prudential Standard SPS 310 establishes requirements for conducting audits and related matters for the superannuation industry in Australia. It ensures compliance with financial reporting and auditing practices in accordance with regulatory standards.
- Issuer: Australian Prudential Regulation Authority (APRA)
- Jurisdiction: Australia
- Updated: Jun 2024
VPDSS 2.0 — Victorian Protective Data Security Standards V2.0
The Victorian Protective Data Security Standards (VPDSS) establish 12 high-level mandatory requirements for the protection of public sector information in Victoria, Australia. These requirements cover governance, information, personnel, ICT, and physical security, focusing on a risk-managed approach tailored to the Victorian government context.
- Issuer: Office of the Victorian Information Commissioner (OVIC)
- Jurisdiction: Victoria, Australia
- Version: 2.0
- Updated: Oct 2019
COBIT 2019 — COBIT 2019 Framework
The COBIT 2019 Framework, developed by ISACA, is a globally recognized standard for optimizing enterprise IT governance and management. It provides flexible, detailed guidance for organizations aiming to achieve effective governance over information and technology.
- Issuer: ISACA
- Version: 2019
CPS 520 — Prudential Standard CPS 520 Fit and Proper
The Prudential Standard CPS 520 sets out the requirements for assessing the fitness and propriety of responsible persons in APRA-regulated institutions, including banks, insurers, and private health insurers. It ensures that key positions are held by individuals who meet high standards of integrity and competence.
- Issuer: Australian Prudential Regulation Authority (APRA)
- Jurisdiction: Australia
- Updated: Jul 2019
RG 270 — RG 270 Whistleblower Policies
This guide provides entities with information on establishing whistleblower policies that comply with legal obligations under the Corporations Act. It includes guidance for both entities required to have such policies and those managing whistleblowing under legal frameworks.
- Issuer: Australian Securities and Investments Commission (ASIC)
- Jurisdiction: Australia
India - (DPDP) Rules — India - Digital Personal Data Protection (DPDP) Rules
The Digital Personal Data Protection Rules, 2025 operationalize India’s Digital Personal Data Protection Act, 2023 by establishing detailed requirements for the collection, processing, storage, and protection of digital personal data. The Rules define obligations for organizations handling personal data, including consent management, breach notifications, data retention, and protections for children and vulnerable individuals. They also establish governance mechanisms such as the Data Protection Board and provide a phased implementation timeline for compliance.
- Issuer: Government of India
- Version: 2025
- Updated: Jan 2025
CPS 220 — Prudential Standard CPS 220 Risk Management
CPS 220 is a prudential standard issued by the Australian Prudential Regulation Authority (APRA) outlining risk management requirements for regulated entities. It establishes standards for institutions to identify, assess, and manage risks effectively to ensure financial stability and compliance.
- Issuer: Australian Prudential Regulation Authority (APRA)
- Jurisdiction: Australia
- Updated: Jul 2017
India - PDPD Act — India - Digital Personal Data Protection (PDPD) Act (Act No. 22 of 2023)
The Digital Personal Data Protection Act, 2023 (Act No. 22 of 2023) establishes India’s legal framework for processing digital personal data while balancing individuals’ privacy rights with lawful data use. The Act defines obligations for organizations handling personal data, grants rights and duties to individuals, and introduces requirements for consent, data protection, and breach accountability. It also establishes the Data Protection Board of India to oversee compliance, adjudication, and enforcement of penalties for violations.
- Issuer: Government of India
- Jurisdiction: India
- Version: 2023
- Updated: Aug 2023
Looking for sector-specific guidance?
Each industry page bundles the standards that matter most for that sector, with expert commentary and links to the 6clicks platform.
Critical Infrastructure
Critical infrastructure spans the energy, water, transport, healthcare, and communications sectors whose disruption would impact national security, safety, and the economy.
Defense
6clicks deploys inside classified and air-gapped environments, meets strict data handling requirements, and keeps your program audit-ready.
Finance Sector
Pertains to banking, insurance, and financial services, focusing on regulatory compliance, risk management, and financial integrity.
Government
Ready to operationalize these standards?
The 6clicks platform maps these regulations to controls, evidence and risks — automatically.