SMALL AND MIDSIZED BUSINESSES SECURITY FRAMEWORKS

An auditing procedure developed by the American Institute of Certified  Public Accountants (AICPA) that ensures service providers are securely  managing data to protect the interests and privacy of their clients. The SOC 2 Type I report focuses on the design of the service organization's controls at a specific point in time while the SOC 2 Type II report includes details on the operational effectiveness of the organization's controls over a defined period (typically, six months to one year).

https://us.aicpa.org/interestareas/frc/assuranceadvisoryservices/aicpasoc2report

A set of security standards designed to ensure that all companies that  accept, process, store or transmit credit card information maintain a  secure environment. https://www.pcisecuritystandards.org/document_library/

The NIST Cybersecurity Framework, created through collaboration between industry and government, consists of standards, guidelines, and practices to promote the protection of critical infrastructure through effective information security management. https://www.nist.gov/cyberframework

FS-ISAC collaborated with members of the Financial Services Sector Coordinating Council (FSSCC) on an automated tool to assist financial institutions of all sizes to collect and score their responses to the Federal Financial Institutions Examination Council’s Cybersecurity Assessment Tool.

 https://fsscc.org/wp-content/uploads/2021/02/FSSCC_ACAT_v2_1.xlsx

ISO/IEC 27001 is the best-known standard in the family providing requirements for an information security management system (ISMS), a systematic approach to managing sensitive company information so that it remains secure. It includes people, processes and IT systems by applying a risk management process., and can help small, medium and large businesses in any sector keep information assets secure.

https://www.iso.org/isoiec-27001-information-security.html