Frameworks Library

Every framework your organization needs. One platform to manage them all.

Operlity supports a comprehensive and growing library of global compliance frameworks, regulations, and industry standards — giving your team the structured programs, pre-loaded controls, and compliance workflows to meet your obligations wherever you operate.

Book a Demo Browse frameworks

Operlity's multi-framework library showing pre-loaded global compliance frameworks with cross-framework control mapping

Compliance never lives in isolation

Most organizations answer to multiple frameworks at once.

Compliance obligations don't exist in isolation. Most organizations must simultaneously meet requirements from multiple frameworks — security standards, privacy regulations, industry mandates, and regional requirements — often with overlapping controls and shared evidence requirements.

Operlity's multi-framework architecture lets you manage all of your compliance obligations from a single platform — with cross-framework control mapping that eliminates duplicated effort and a unified compliance posture view that gives leadership a consolidated picture of where you stand across every framework you're accountable to.

Information security

Frameworks for managing information security at scale.

Framework	Region	Type	What it covers
ISO 27001	Global	Certification	Information security management system requirements covering 114 controls across 14 domains
NIST CSF 2.0	Global	Framework	Cybersecurity framework covering six functions: Govern, Identify, Protect, Detect, Respond, and Recover (CSF 2.0, Feb 2024)
SOC 2	Global	Audit Standard	Trust Services Criteria covering security, availability, processing integrity, confidentiality, and privacy — Type I and Type II
UK Cyber Essentials	United Kingdom	Certification	Five foundational technical controls protecting against the most common cyber threats
Saudi ECC	Saudi Arabia	Mandatory	Essential cybersecurity controls for government agencies and critical infrastructure operators
UAE IAS (formerly NESA)	UAE	Mandatory	UAE Cybersecurity Council Information Assurance Standards for federal government entities and critical infrastructure operators
Saudi SAMA CSF	Saudi Arabia	Mandatory	Cybersecurity framework for SAMA-regulated financial institutions

Data protection & privacy

Privacy regulations governing personal data — across every jurisdiction.

Framework	Region	Type	What it covers
GDPR	European Union	Regulation	Comprehensive data protection regulation governing personal data of EU residents
CCPA / CPRA	United States	Regulation	California's comprehensive consumer privacy law governing personal information of California residents
DPDPA	India	Regulation	Digital Personal Data Protection Act governing personal data of Indian residents
Saudi PDPL	Saudi Arabia	Regulation	Personal Data Protection Law governing personal data of Saudi residents
UAE PDPL	UAE	Regulation	Federal data protection law governing personal data of UAE residents

Industry & sector

Standards for the industries that face the most demanding compliance environments.

Framework	Region	Type	What it covers
PCI DSS	Global	Standard	Payment card industry data security standard for organizations handling cardholder data
HIPAA	United States	Regulation	Health Insurance Portability and Accountability Act governing protected health information
ISO 22301	Global	Certification	Business continuity management system requirements

AI governance

Frameworks for the responsible development and deployment of AI.

Framework	Region	Type	What it covers
EU AI Act	European Union	Regulation	World's first comprehensive AI regulation covering development, deployment, and use of AI systems
ISO/IEC 42001:2023	Global	Certification	AI management system standard for responsible development and use of AI (published December 2023)
NIST AI RMF 1.0	Global	Framework	AI risk management framework covering Govern, Map, Measure, and Manage functions (published January 2023)

Risk management

Frameworks for structured enterprise risk management.

Framework	Region	Type	What it covers
ISO 31000	Global	Standard	Risk management principles and guidelines for enterprise risk programs
COSO ERM	Global	Framework	Enterprise risk management framework covering strategy, performance, and governance

Multi-framework management

One platform. Every framework. Zero duplication.

Managing compliance across multiple frameworks simultaneously is one of the most resource-intensive challenges any compliance team faces. Operlity's multi-framework architecture is designed to eliminate the duplication and fragmentation that makes it so difficult.

Cross-framework control mapping — controls that satisfy requirements across multiple frameworks are mapped once and credited across all relevant frameworks — so your team never assesses the same control twice for different auditors.
Unified compliance posture — a single dashboard showing your compliance status across every active framework — with drill-down capability into framework-specific detail.
Shared evidence library — evidence collected for one framework is available for reuse across all frameworks that share the same control requirements — dramatically reducing evidence collection burden at audit time.
Framework updates — when frameworks are updated, Operlity surfaces what has changed and what needs to be reassessed — so your compliance program stays current as regulatory landscapes evolve.

Can't find your framework?

Operlity's framework library is continuously expanding.

If the framework or regulation your organization needs to meet is not yet in our library, our team can work with you to configure a custom compliance program tailored to your specific requirements.