| ISO 27001-2013 | International or National Standard | 44 | 211 | 25 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 27 | 168 | 9 |
| NIST SP 800-53 R4 | International or National Standard | 25 | 147 | 15 |
| NIST CSF 1.1 | International or National Standard | 24 | 11 | 2 |
| ISO 27002 | International or National Standard | 16 | 11 | 8 |
| NIST SP 800-53 R4 High Impact | International or National Standard | 16 | 177 | 9 |
| NIST SP 800-53 R4 Moderate Impact | International or National Standard | 16 | 70 | 10 |
| Sarbanes Oxley SOX | Regulation or Statute | 16 | 164 | 17 |
| CIS Controls V7 | Best Practice Guideline | 14 | 10 | 1 |
| FFIEC CAT | Best Practice Guideline | 13 | 10 | 3 |
| NIST SP 800-53 R4 Low Impact | International or National Standard | 13 | 59 | 9 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 13 | 164 | 13 |
| Cloud Controls Matrix, Version 3.0 | Self-Regulatory Body Requirement | 12 | 11 | 1 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 11 | 136 | 7 |
| California Consumer Privacy Act of 2018 | Bill or Act | 11 | 28 | 0 |
| Canada Privacy Policy Principles | Regulation or Statute | 11 | 4 | 3 |
| China Personal Data Ordinance of Hong Kong 2 | Regulation or Statute | 11 | 14 | 3 |
| ISO/IEC 27701:2019 | International or National Standard | 11 | 2 | 0 |
| NIST SP 800 66 | Safe Harbor | 11 | 14 | 5 |
| FedRAMP Baseline Security Controls | Audit Guideline | 10 | 133 | 5 |
| HIPAA | Bill or Act | 10 | 111 | 9 |
| India Indian Info Privacy Act | Regulation or Statute | 10 | 15 | 0 |
| Canada Personal Information Protection Electronic Documents Act | Regulation or Statute | 9 | 6 | 4 |
| HIPAA Electronic Health Record Technology | Regulation or Statute | 9 | 8 | 4 |
| NIST SP 800-171 | International or National Standard | 9 | 7 | 3 |
| Red Book (Condensed) | International or National Standard | 9 | 5 | 3 |
| Australian Government Information Security Manual Controls | International or National Standard | 8 | 8 | 3 |
| Brazilian General Data Protection Law (LGPD) | Bill or Act | 8 | 0 | 0 |
| CobiT | Safe Harbor | 8 | 185 | 6 |
| Japan Handbook on the Protection of Personal Data | Regulation or Statute | 8 | 2 | 0 |
| Japan Personal Information Protection Act | Regulation or Statute | 8 | 5 | 3 |
| MAS TRM | Contractual Obligation | 8 | 32 | 0 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 8 | 7 | 2 |
| NIST SP 800-53 | International or National Standard | 8 | 12 | 3 |
| CIS 20 Critical Security Controls | Best Practice Guideline | 7 | 9 | 2 |
| EU 8th Directive | Regulation or Statute | 7 | 12 | 6 |
| HKMA General Principles for Technology Risk Management | Regulation or Statute | 7 | 9 | 0 |
| HKMA Supervisory Policy Manual TM-G-2 Business Continuity Planning | Contractual Obligation | 7 | 17 | 0 |
| ISF Standard of Good Practice 2013 | Best Practice Guideline | 7 | 10 | 2 |
| ISO 20000-1 2nd Ed | International or National Standard | 7 | 43 | 4 |
| ISO 20000-2 R 2005 | International or National Standard | 7 | 42 | 4 |
| ISO/IEC 27002:2013(E) | International or National Standard | 7 | 172 | 17 |
| Notice on Technology Risk Management, Notice No. CMG-N02 | Self-Regulatory Body Requirement | 7 | 38 | 0 |
| Risk Management of E-banking | Contractual Obligation | 7 | 9 | 0 |
| Singapore(PDPC) Guide to Securing Personal Data in Electronic Medium | Best Practice Guideline | 7 | 0 | 0 |
| SWIFT Customer Security Controls Framework | Best Practice Guideline | 7 | 1 | 0 |
| AICPA Privacy | Safe Harbor | 6 | 7 | 0 |
| APRA PPG 234 | Safe Harbor | 6 | 13 | 1 |
| Argentina Personal Data Protection Act | Regulation or Statute | 6 | 5 | 5 |
| Cloud Security Alliance CCM V1.3 | Best Practice Guideline | 6 | 16 | 6 |
