Our growing list of supported compliance accreditations


AssuranceLab now works with 30+ international frameworks, regulations and standards that we can accredit through assurance reports, certifications and audits. These can be self-assessed - singularly or in combination - using our always-free GRC platform, Pillar. Simply sign-up, create your organisation, go into Assessments view, select the standards you want to comply with and follow the assessment questions to see the live identification of your compliance activities and any gaps.


Below is a short explainer of the frameworks and standards we support as an audit firm. As a CA and CPA firm, Certified CSA STAR Auditor, and a certification body for the ISO family of standards, we can offer various accreditations to support your compliance outcomes.


Australian Privacy Act

The Australian Privacy Act governs the handling of personal information in Australia and establishes the Australian Privacy Principles (APPs) that organizations must adhere to when collecting, using, and disclosing personal data.


CBA Tier 1 Vendor Framework

The CBA (Commonwealth Bank of Australia) Tier 1 Vendor Framework outlines the requirements and standards that tier 1 vendors must meet to ensure data security and privacy when providing services to the Commonwealth Bank.


California Consumer Privacy Act

The California Consumer Privacy Act (CCPA) is a privacy law in California, USA, that grants California residents rights and control over their personal information held by businesses and mandates obligations for businesses that process such data.

Consumer Data Right

The Consumer Data Right (CDR) is a legislative, regulatory, and standards framework in Australia that allows consumers to access and share their data securely with trusted third parties for better control and use of their information.



The CIS Critical Security Controls (CIS Controls) are a prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your cybersecurity posture. 



COBIT 5 is the overarching business and management framework for governance and management of enterprise IT. This volume documents the five principles of COBIT 5 and defines the 7 supporting enablers that form the framework.

CPS 234

CPS 234 is an Australian Prudential Regulation Authority (APRA) standard designed to enhance cybersecurity resilience in the financial industry. It mandates that APRA-regulated entities implement measures to protect against and respond to cyber incidents effectively.

CSA Star

The Cloud Security Alliance (CSA) Security, Trust, Assurance, and Risk (STAR) program provides a framework for assessing cloud service providers' security postures. It allows providers to self-assess and publish their security controls to build trust with customers.



Environmental, Social, and Governance criteria used to evaluate a company's impact on society and the environment. Investors consider ESG factors to assess a company's sustainability and ethical practices.


Essential 8

Essential 8 is a set of cybersecurity controls developed by the Australian Cyber Security Centre (ACSC). It provides prioritized strategies to mitigate the most significant cyber threats, helping organizations strengthen their security posture.


General Data Protection Regulation (GDPR)

GDPR is a comprehensive European Union regulation that governs the protection and privacy of personal data of EU citizens. It outlines strict rules for organizations handling such data and imposes hefty fines for

Global Reporting Initiative

The Global Reporting Initiative (GRI) provides a framework for organizations to report on their sustainability and environmental, social, and governance (ESG) performance. It helps promote transparency and accountability in corporate reporting.

GS 007 - A. Custody

Section A. Custody is a guideline under the Australian Accounting Standards issued by the AUASB (Auditing and Assurance Standards Board). It provides recommendations and best practices for auditors and assurance practitioners when dealing with custody arrangements in financial institutions and other entities.


GS 007 - B. Investment

Section B. Investment Management is a guideline under the Australian Banking Standards (AUSB). It focuses on the management and oversight of investment activities for financial institutions, promoting risk management and compliance.


GS 007 - E. Administration

Section E. Administration is a guideline under the Australian Accounting Standards issued by the AUASB. It provides recommendations and considerations for auditors and assurance practitioners regarding administration and management practices in financial institutions and other entities.


GS 007 - F. Registry

Section F. Registry is a guideline under the Australian Accounting Standards issued by the AUASB. It focuses on the audit and assurance considerations related to registry activities and the maintenance of accurate customer and transactional records in financial institutions and other entities.



The Health Insurance Portability and Accountability Act (HIPAA) is a US law that regulates the security and privacy of protected health information (PHI) in the healthcare industry.


ISO 27001 ISMS

ISO/IEC 27001 is an international standard for Information Security Management Systems (ISMS), providing a systematic approach for managing sensitive company information to keep it secure.


ISO 27001:2013

ISO/IEC 27001:2013 is the previous version of the international standard for ISMS. It outlines the requirements for establishing, implementing, maintaining, and continually improving an ISMS.


ISO 27001:2022

ISO/IEC 27001:2022 is the latest version of the international standard for ISMS, providing updated guidelines for effective information security management.


ISO 27017

ISO/IEC 27017 is a code of practice for cloud service providers, offering guidelines for implementing information security controls tailored to cloud computing environments.


ISO 27701

ISO/IEC 27701 is a privacy extension to ISO 27001, providing guidance for establishing, implementing, maintaining, and continually improving a Privacy Information Management System (PIMS).


Modern Slavery

Modern Slavery refers to various forms of exploitation, including forced labor and human trafficking. Efforts to combat modern slavery aim to protect vulnerable individuals from being exploited and promote fair and ethical labor practices.



Minimum Viable Security Practices are foundational security measures that organizations should implement to establish a baseline level of security.



The National Institute of Standards and Technology (NIST) Cybersecurity Framework provides a set of guidelines and best practices to help organizations manage and reduce cybersecurity risks effectively.


New Zealand Privacy Act

The New Zealand Privacy Act dictates the requirements for handling consumer data in New Zealand to protect the privacy rights of individuals.



The Payment Card Industry Data Security Standard (PCI-DSS) version 4.0 is a set of security standards that organizations must follow when processing, transmitting, or storing payment card data to ensure the protection of cardholders' information.



SOC 1 (Service Organization Control 1) reports focus on controls relevant to financial reporting, including SOX (Sarbanes-Oxley) IT General Controls (ITGC) that are essential for financial compliance.



SOC 2 reports assess the effectiveness of a service provider's controls related to security, availability, processing integrity, confidentiality, and privacy.

  • SOC 2 Availability: SOC 2 Availability focuses on the evaluation of a service provider's systems to ensure they are available and accessible as agreed upon with customers.
  • SOC 2 Confidentiality: SOC 2 Confidentiality assesses how well a service provider safeguards confidential information and sensitive data.
  • SOC 2 Privacy: SOC 2 Privacy evaluates the protection, collection, use, retention, and disposal of personal information in accordance with the organization's privacy policies.
  • SOC 2 Processing Integrity: SOC 2 Processing Integrity assesses whether the service provider's processing activities are accurate, complete, and timely.


The United Nations Sustainable Development Goals (SDGs) are a set of 17 global goals aiming to address various social, economic, and environmental challenges to achieve a more sustainable future for all.


Some additional information in one line