| ISO 27001-2013 | International or National Standard | 40 | 187 | 11 |
| NIST SP 800-53 R5 | International or National Standard | 29 | 9 | 5 |
| EU General Data Protection Regulation (GDPR) | Regulation or Statute | 23 | 164 | 10 |
| NIST CSF 1.1 | International or National Standard | 17 | 34 | 13 |
| Sarbanes-Oxley Act of 2002 | Bill or Act | 17 | 2 | 3 |
| CIS Controls, V8 | Best Practice Guideline | 15 | 0 | 1 |
| PCI DSS Requirements and Security Assessment Procedures | Contractual Obligation | 15 | 147 | 4 |
| CobiT | Safe Harbor | 14 | 162 | 1 |
| NIST SP 800-171, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations | International or National Standard | 14 | 4 | 2 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Moderate Impact Baseline, October 2020 | International or National Standard | 13 | 3 | 0 |
| Payment Card Industry (PCI) Data Security Standard, Requirements and Security Assessment Procedures, Version 3.2.1 | Contractual Obligation | 13 | 4 | 3 |
| ISO/IEC 27701:2019 | International or National Standard | 12 | 12 | 3 |
| MAS TRM | Contractual Obligation | 12 | 36 | 0 |
| HIPAA | Bill or Act | 11 | 10 | 5 |
| hipaa security rule | Regulation or Statute | 11 | 5 | 1 |
| ISO/IEC 27002:2013(E) | International or National Standard | 11 | 139 | 7 |
| SOC2 | Safe Harbor | 11 | 0 | 0 |
| MAS Guidelines on Outsourcing | Bill or Act | 10 | 0 | 0 |
| MAS-TRMG-2021 | Contractual Obligation | 10 | 3 | 0 |
| NIST CSF 1.0 | International or National Standard | 10 | 11 | 2 |
| Notice on Cyber Hygiene | Bill or Act | 10 | 0 | 0 |
| Notice on Technology Risk Management, Notice No. CMG-N02 | Self-Regulatory Body Requirement | 10 | 38 | 0 |
| Singapore Personal Data Protection Act 2012 | Regulation or Statute | 10 | 1 | 0 |
| Singapore(PDPC) Guide to Securing Personal Data in Electronic Medium | Best Practice Guideline | 10 | 1 | 0 |
| AICPA Reporting on Controls at a Service Organization SOC-2 | Safe Harbor | 9 | 137 | 4 |
| Gramm Leach Bliley | Bill or Act | 9 | 0 | 1 |
| NIST SP 800-37r2 | International or National Standard | 9 | 10 | 4 |
| FedRAMP Security Controls Baseline, 2018 | Audit Guideline | 8 | 1 | 4 |
| ISO 27002 | International or National Standard | 8 | 7 | 2 |
| ISO 9001:2015 | International or National Standard | 8 | 18 | 2 |
| Notice No.: CMG-N02, Notice On Technology Risk Management | Self-Regulatory Body Requirement | 8 | 2 | 0 |
| PCI SAQ A v3.2 | Contractual Obligation | 8 | 6 | 3 |
| Singapore Corporate Governance | Regulation or Statute | 8 | 6 | 0 |
| Singapore Personal Data Protection Act 2012 (No. 26 of 2012) Revised Edition 2021 | Regulation or Statute | 8 | 0 | 0 |
| CMMC Level 1 | Best Practice Guideline | 7 | 4 | 2 |
| CMMC Level 3 | Best Practice Guideline | 7 | 4 | 3 |
| COBIT 2019 | Safe Harbor | 7 | 5 | 2 |
| ISO 22301- Societal Security - Business Continuity Management Systems - Requirements | International or National Standard | 7 | 13 | 0 |
| ISO 27005 R 2011 | International or National Standard | 7 | 12 | 3 |
| NIST SP 800-171 | International or National Standard | 7 | 3 | 1 |
| PCI DSS 3.0 Requirements | Self-Regulatory Body Requirement | 7 | 95 | 1 |
| PCI DSS Testing Procedures v3.2 | Contractual Obligation | 7 | 24 | 2 |
| TSP Section 100: 2017 Trust Services Criteria for Security, Availability, Processing Integrity, Confidentiality, and Privacy | Self-Regulatory Body Requirement | 7 | 4 | 2 |
| 23 NYCRR 500 | Regulation or Statute | 6 | 9 | 3 |
| California Consumer Privacy Act of 2018 | Bill or Act | 6 | 39 | 1 |
| CMMC Level 5 | Best Practice Guideline | 6 | 2 | 0 |
| Control Baselines for Information Systems and Organizations, NIST Special Publication 800-53B, Privacy Control Baseline, October 2020 | International or National Standard | 6 | 5 | 3 |
| ITIL Foundation 4 | Best Practice Guideline | 6 | 0 | 0 |
| NIST Privacy Framework | International or National Standard | 6 | 9 | 2 |
| NIST SP 800-53 R4 | International or National Standard | 6 | 4 | 3 |
