- 106+ Frameworks
- 73+ Tools
- 74+ Auditors
- 660+ Pages of Guides
Compliance Frameworks
Every major compliance domain — from security and privacy to healthcare, financial services, and AI governance.
AI Governance & Ethics
Guide to AI governance frameworks including the EU AI Act, NIST AI RMF, ISO 42001, and regional AI regulations. Understand the evolving landscape of AI compliance requirements.
6 frameworks
Audit & Assurance Standards
Guide to audit and assurance standards including ISO 19011, ISAE 3402, SSAE 18, and international auditing standards. Understand the frameworks that govern how compliance audits are conducted.
5 frameworks
Cloud & Infrastructure Security
Complete guide to cloud and infrastructure security frameworks including CSA CCM, FedRAMP, CIS Benchmarks, and regional cloud standards. Understand requirements for securing cloud environments.
10 frameworks
Financial & Payment Compliance
Complete guide to financial and payment compliance frameworks including PCI DSS, SOX, GLBA, Basel III, and more. Understand costs, timelines, and requirements for financial industry compliance.
14 frameworks
Healthcare Compliance
Comprehensive guide to healthcare compliance frameworks including HIPAA, HITECH, HITRUST CSF, and international health data regulations. Learn requirements, costs, and implementation strategies.
8 frameworks
Industry-Specific Compliance
Guide to industry-specific compliance frameworks including NERC CIP for energy, FERPA for education, DFARS for defense contractors, and more. Understand sector-specific requirements and implementation.
10 frameworks
Privacy & Data Protection
Comprehensive guide to global privacy and data protection frameworks including GDPR, CCPA, and 20+ international privacy laws.
23 frameworks
Regional & National Security Frameworks
Guide to regional and national security frameworks including K-ISMS, ISM, IT-Grundschutz, and government security certifications. Understand jurisdiction-specific requirements for cybersecurity compliance.
8 frameworks
Security & Governance Frameworks
Comprehensive guide to security and governance frameworks including ISO 27001, SOC 2, NIST CSF, CMMC, NIS2, DORA, and more. Learn which framework fits your organization's security posture and compliance requirements.
22 frameworks
Popular Frameworks
SOC 2
SOC 2 is the leading security compliance framework for SaaS companies selling to US enterprises. This guide covers Type I vs Type II, trust service criteria, costs, and the audit process.
ISO 27001
ISO 27001 is the international gold standard for information security management. This guide covers everything from scoping to certification, with real costs, timelines, and practical implementation advice.
HIPAA
HIPAA establishes national standards for protecting patient health information in the United States. This guide covers the Privacy Rule, Security Rule, Breach Notification, BAAs, and practical compliance strategies.
GDPR
The GDPR is the world's most influential data protection law, setting the standard for how organizations collect, process, and protect personal data of individuals in the EU and EEA. This guide covers lawful bases, data subject rights, breach notification, and practical compliance steps.
PCI DSS
PCI DSS v4.0 is the global standard for protecting payment card data. This guide covers all 12 requirements, merchant levels, SAQ types, cost breakdowns, and the transition from v3.2.1 to v4.0.
NIST CSF
The NIST Cybersecurity Framework provides a flexible, risk-based approach to managing cybersecurity risk. Learn how CSF 2.0 helps organizations of all sizes improve their security posture.
SOX
The Sarbanes-Oxley Act mandates internal control requirements for all US publicly traded companies. This guide covers Section 302, Section 404, IT general controls, costs, and implementation strategies.
HITRUST CSF
HITRUST CSF is the most widely adopted security framework in US healthcare. This guide covers the e1, i1, and r2 assessment types, certification process, costs, and why health systems require it.
Compare 73+ Compliance Tools
From compliance automation to GRC platforms — independently scored and reviewed.
Wiz Review 2026: Pricing, Features, and Verdict
9.3/10
Review of Wiz, the leading cloud security platform. Covers agentless CSPM, CWPP, CIEM, security graph, and comparison with Orca and CrowdStrike.
Vanta Review 2026: Pricing, Features, and Verdict
9.2/10
In-depth review of Vanta, the leading compliance automation platform. Covers pricing, integrations, framework support, pros and cons, and who should use it.
CrowdStrike Falcon Review 2026: Pricing, Features, and Verdict
9.1/10
Review of CrowdStrike Falcon, the leading endpoint security platform. Covers EDR, cloud security, identity protection, compliance features, and pricing.
OneTrust Privacy Review 2026: Pricing, Features, and Verdict
9.0/10
Review of OneTrust Privacy, the market-leading privacy management platform. Covers consent management, DSAR automation, data mapping, and enterprise pricing.
Drata Review 2026: Pricing, Features, and Verdict
8.9/10
In-depth review of Drata, a leading compliance automation platform. Covers pricing, integrations, framework support, and comparison with alternatives.
OneTrust Review 2026: Pricing, Features, and Verdict
8.8/10
In-depth review of OneTrust, the leading enterprise GRC and privacy platform. Covers pricing, modules, framework support, and comparison with competitors.
Orca Security Review 2026: Pricing, Features, and Verdict
8.7/10
Review of Orca Security, an agentless cloud security platform. Covers SideScanning, CSPM/CWPP, compliance features, and comparison with Wiz.
Snyk Review 2026: Pricing, Features, and Verdict
8.7/10
Review of Snyk, the developer-first security platform. Covers open source scanning, container security, SAST, free tier, and comparison with alternatives.
Find an Auditor
Search 74+ accredited compliance audit firms worldwide. Filter by name, location, frameworks, and budget — or let us match you for free.
Learn Compliance — Free
Structured learning paths for every major framework. Built by compliance experts, free forever.