| ISO 27001-2013 | International or National Standard | 74 | 126 | 21 |
| NIST SP 800-53 R4 | International or National Standard | 50 | 71 | 10 |
| NIST SP 800-53 R4 Moderate Impact | International or National Standard | 40 | 33 | 8 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 36 | 89 | 6 |
| NIST SP 800-53 R4 High Impact | International or National Standard | 34 | 101 | 6 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 34 | 93 | 9 |
| NIST SP 800-53 R4 Low Impact | International or National Standard | 33 | 28 | 6 |
| Sarbanes Oxley SOX | Regulation or Statute | 26 | 94 | 16 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 23 | 7 | 3 |
| ISO/IEC 27002:2013(E) | International or National Standard | 23 | 101 | 17 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 22 | 59 | 6 |
| NIST Cybersecurity Framework | International or National Standard | 21 | 7 | 2 |
| FedRAMP Baseline Security Controls | Audit Guideline | 20 | 55 | 5 |
| ISO/IEC 27017:2015(E) | Self-Regulatory Body Requirement | 20 | 1 | 1 |
| NIST CSF 1.0 | International or National Standard | 18 | 19 | 7 |
| ISO 27002 | International or National Standard | 17 | 11 | 7 |
| 45 CFR Part 164 | Regulation or Statute | 16 | 13 | 6 |
| CIS Controls V7 | Best Practice Guideline | 16 | 0 | 0 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 16 | 6 | 1 |
| ISO/IEC 27018:2014 | International or National Standard | 16 | 4 | 3 |
| HIPAA | Bill or Act | 15 | 52 | 8 |
| NIST SP 800-53 | International or National Standard | 15 | 9 | 3 |
| 45 CFR Part 160 | Regulation or Statute | 13 | 7 | 1 |
| 45 CFR Part 162 | Regulation or Statute | 13 | 3 | 1 |
| EISP | Organizational Governance Documents | 13 | 0 | 0 |
| FFIEC CAT | Best Practice Guideline | 13 | 2 | 2 |
| Gramm Leach Bliley | Bill or Act | 13 | 12 | 10 |
| 23 NYCRR 500 | Regulation or Statute | 12 | 0 | 6 |
| ISO 27005 R 2011 | International or National Standard | 12 | 11 | 6 |
| NIST CSF 1.1 | International or National Standard | 11 | 1 | 0 |
| PCI DSS Testing Procedures v3.2 | Contractual Obligation | 11 | 3 | 0 |
| NIST SP 800 66 | Safe Harbor | 10 | 9 | 5 |
| California Consumer Privacy Act of 2018 | Bill or Act | 9 | 4 | 0 |
| FFIEC IT Examination Handbook | Audit Guideline | 9 | 0 | 0 |
| HIPAA HCFA | Best Practice Guideline | 9 | 18 | 2 |
| ISO 22301- Societal Security - Business Continuity Management Systems - Requirements | International or National Standard | 9 | 3 | 1 |
| MAS TRM | Contractual Obligation | 9 | 4 | 0 |
| NIST SP 800-171 | International or National Standard | 9 | 5 | 2 |
| PCI SAQ A v3.1 | Contractual Obligation | 9 | 5 | 1 |
| Colorado Revised Statutes, Section 6-1-713, Disposal of Personal Identifying Documents | Regulation or Statute | 8 | 4 | 1 |
| ISO 31000 R 2009 | International or National Standard | 8 | 101 | 4 |
| ISO 9001:2015 | International or National Standard | 8 | 3 | 1 |
| Massachusetts 201 CMR 17.00 Standards for The Protection of Personal Information of Residents of the Commonwealth of Massachusetts | Regulation or Statute | 8 | 9 | 4 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 8 | 1 | 2 |
| AICPA Trust Services Principles and Criteria | Self-Regulatory Body Requirement | 7 | 4 | 1 |
| Australia Privacy Amendment Act | Regulation or Statute | 7 | 15 | 6 |
| Canada Personal Information Protection Electronic Documents Act | Regulation or Statute | 7 | 6 | 4 |
| Florida Statutes, Section 817.5681, Breach of security concerning confidential personal information in third-party possession | Regulation or Statute | 7 | 4 | 0 |
| Germany Data Protection Act | Regulation or Statute | 7 | 5 | 2 |
| Notice on Technology Risk Management, Notice No. CMG-N02 | Self-Regulatory Body Requirement | 7 | 8 | 0 |
