COMPLIANCE GUIDES

Understand Your Compliance Requirements

Not sure which regulations apply to your business? Browse our framework guides to understand what's required, who needs it, and how ComplyZen can help.


SOC 2

Service Organization Control 2

A trust-based security framework for service organizations. Demonstrates that your company handles customer data securely. Often required by enterprise clients.

Who needs this: SaaS companies, cloud service providers, data centers, IT managed services, fintech


GDPR

General Data Protection Regulation

The EU's comprehensive data protection regulation. Applies to any business that processes personal data of EU residents, regardless of where the business is located.

Who needs this: Any business with EU customers or users, e-commerce, SaaS, marketing platforms

Industry Checklists

3D Printing Services, Accounting Firms, AdTech & Programmatic, Agriculture, AI & Machine Learning, API & Integration Platforms, Appraisal Services, Architecture Firms, Auction Platforms, Auto Insurance, Automotive, Aviation, Banking, Beauty & Salons, Biotechnology, Blockchain Infrastructure, Cannabis & CBD, Childcare, Clean Technology, Cleaning Services, Clinical Research Organizations, Cloud Hosting & Infrastructure, Construction, Consulting, Credit Unions, CRM Platforms, Crypto & Web3, Cyber Insurance, Cybersecurity Companies, Data Analytics & BI, Debt Collection, Defense Contractors, Dental Practices, Developer Tools, Drone Services, Dropshipping & Fulfillment, E-commerce, EdTech, Energy, Engineering Firms, ERP Systems, EV Charging Networks, Event Management, Executive Search Firms, Fintech, Fitness & Wellness, Food Manufacturing, Foundations & Grantmakers, Funeral Services, Gaming, Gene Therapy & CRISPR, Government, Grocery & Food Delivery, Gyms & Health Clubs, Health Insurance, Healthcare, Hedge Funds & Private Equity, Home Health Agencies, Home Services, HR Tech, Identity & Access Management, Insurance, IoT & Connected Devices, K-12 Schools, Laboratories & Diagnostics, Law Firms, Legal Tech, Life Insurance, Logistics, Luxury Retail, Manufacturing, Maritime & Shipping, Marketing Agencies, Marketing Technology, Media & Publishing, Medical Device Companies, Mental Health, Mortgage Brokers, Mortgage Companies, Moving & Relocation, Municipalities, Music Industry, Nonprofits, Notary & Title Services, Nursing Homes & Elder Care, Online Learning Platforms, Online Marketplaces, Optometry & Vision Care, Patent & IP Firms, Payment Processors, Pet Services, Pharmacies, Photography & Videography, Physical Therapy Clinics, Podcasting Platforms, Political Organizations, Private Investigators, Property Management, Public Relations Firms, Public Utilities, Quantum Computing, Real Estate, Religious Organizations, Restaurants, Retail, Ride-Sharing & Mobility, Robotics & Automation, SaaS Companies, Self-Storage Facilities, Social Media Platforms, Space & Satellite Technology, Sports Betting, Sports Leagues & Teams, Staffing Agencies, Streaming Services, Subscription Box Services, Substance Abuse Treatment, Tax Preparation, Telecommunications, Telemedicine Platforms, Test Preparation, Title & Escrow, Translation & Localization, Travel & Hospitality, Tribal Organizations, Trucking & Freight, Tutoring Services, Universities & Colleges, Veterinary, Virtual Reality & AR, Wealth Management, Wedding & Events, Wine & Spirits

CCPA / CPRA

California Consumer Privacy Act / California Privacy Rights Act

California's landmark privacy law giving residents rights over their personal data. Applies to businesses meeting certain revenue or data processing thresholds.

Who needs this: Businesses with California customers, especially those with $25M+ revenue or handling 100K+ consumers' data

Industry Checklists

3D Printing Services, Accounting Firms, AdTech & Programmatic, Agriculture, AI & Machine Learning, Appraisal Services, Architecture Firms, Auction Platforms, Auto Insurance, Automotive, Aviation, Beauty & Salons, Biotechnology, Cannabis & CBD, Childcare, Clean Technology, Cleaning Services, Clinical Research Organizations, Cloud Hosting & Infrastructure, Construction, Consulting, Credit Unions, CRM Platforms, Crypto & Web3, Cyber Insurance, Data Analytics & BI, Debt Collection, Defense Contractors, Dental Practices, Drone Services, Dropshipping & Fulfillment, Dry Cleaning & Laundry, E-commerce, EdTech, Energy, Engineering Firms, EV Charging Networks, Event Management, Executive Search Firms, Fintech, Fitness & Wellness, Food Manufacturing, Foundations & Grantmakers, Funeral Services, Gaming, Gene Therapy & CRISPR, Government, Grocery & Food Delivery, Gyms & Health Clubs, Healthcare, Home Health Agencies, Home Services, HR Tech, Insurance, IoT & Connected Devices, K-12 Schools, Laboratories & Diagnostics, Law Firms, Legal Tech, Life Insurance, Logistics, Luxury Retail, Manufacturing, Maritime & Shipping, Marketing Agencies, Marketing Technology, Media & Publishing, Mental Health, Mortgage Brokers, Mortgage Companies, Moving & Relocation, Municipalities, Music Industry, Nonprofits, Notary & Title Services, Nursing Homes & Elder Care, Online Learning Platforms, Online Marketplaces, Optometry & Vision Care, Patent & IP Firms, Pet Services, Pharmacies, Photography & Videography, Physical Therapy Clinics, Podcasting Platforms, Political Organizations, Private Investigators, Property Management, Public Relations Firms, Public Utilities, Quantum Computing, Real Estate, Religious Organizations, Restaurants, Retail, Ride-Sharing & Mobility, Robotics & Automation, SaaS Companies, Self-Storage Facilities, Social Media Platforms, Space & Satellite Technology, Sports Betting, Sports Leagues & Teams, Staffing Agencies, Streaming Services, Subscription Box Services, Substance Abuse Treatment, Tax Preparation, Telecommunications, Telemedicine Platforms, Test Preparation, Title & Escrow, Translation & Localization, Travel & Hospitality, Tribal Organizations, Trucking & Freight, Tutoring Services, Universities & Colleges, Veterinary, Virtual Reality & AR, Wealth Management, Wedding & Events, Wine & Spirits

PCI DSS

Payment Card Industry Data Security Standard

Required for any business that stores, processes, or transmits credit card data. Ensures secure handling of cardholder information.

Who needs this: E-commerce, retail, restaurants, subscription services, payment processors

Industry Checklists

3D Printing Services, Accounting Firms, AdTech & Programmatic, Appraisal Services, Architecture Firms, Auction Platforms, Auto Insurance, Automotive, Aviation, Banking, Beauty & Salons, Biotechnology, Cannabis & CBD, Clean Technology, Cleaning Services, Clinical Research Organizations, Credit Unions, Crypto & Web3, Cyber Insurance, Debt Collection, Defense Contractors, Dental Practices, Drone Services, Dropshipping & Fulfillment, Dry Cleaning & Laundry, E-commerce, Energy, Engineering Firms, EV Charging Networks, Event Management, Executive Search Firms, Fintech, Fitness & Wellness, Food Manufacturing, Foundations & Grantmakers, Funeral Services, Gaming, Gene Therapy & CRISPR, Government, Grocery & Food Delivery, Gyms & Health Clubs, Home Health Agencies, Home Services, Insurance, Laboratories & Diagnostics, Law Firms, Life Insurance, Logistics, Luxury Retail, Maritime & Shipping, Marketing Agencies, Media & Publishing, Mortgage Brokers, Mortgage Companies, Moving & Relocation, Municipalities, Music Industry, Nursing Homes & Elder Care, Online Learning Platforms, Online Marketplaces, Optometry & Vision Care, Payment Processors, Pet Services, Pharmacies, Photography & Videography, Physical Therapy Clinics, Podcasting Platforms, Political Organizations, Property Management, Public Utilities, Quantum Computing, Real Estate, Religious Organizations, Restaurants, Retail, Ride-Sharing & Mobility, Robotics & Automation, SaaS Companies, Self-Storage Facilities, Social Media Platforms, Space & Satellite Technology, Sports Betting, Sports Leagues & Teams, Streaming Services, Subscription Box Services, Substance Abuse Treatment, Tax Preparation, Telecommunications, Telemedicine Platforms, Test Preparation, Title & Escrow, Translation & Localization, Travel & Hospitality, Tribal Organizations, Trucking & Freight, Tutoring Services, Universities & Colleges, Veterinary, Virtual Reality & AR, Wealth Management, Wedding & Events, Wine & Spirits

ISO 27001

International Organization for Standardization 27001

The international standard for information security management systems (ISMS). Provides a systematic approach to managing sensitive company and customer information.

Who needs this: Technology companies, financial services, government contractors, global enterprises

Industry Checklists

3D Printing Services, Accounting Firms, AdTech & Programmatic, Agriculture, AI & Machine Learning, API & Integration Platforms, Architecture Firms, Auto Insurance, Automotive, Aviation, Banking, Biotechnology, Blockchain Infrastructure, Cannabis & CBD, Clean Technology, Clinical Research Organizations, Cloud Hosting & Infrastructure, Construction, Consulting, Credit Unions, Crypto & Web3, Cyber Insurance, Cybersecurity Companies, Data Analytics & BI, Debt Collection, Defense Contractors, Developer Tools, Drone Services, Dropshipping & Fulfillment, E-commerce, EdTech, Energy, Engineering Firms, ERP Systems, EV Charging Networks, Event Management, Executive Search Firms, Fintech, Food Manufacturing, Foundations & Grantmakers, Gaming, Gene Therapy & CRISPR, Government, Gyms & Health Clubs, Healthcare, Hedge Funds & Private Equity, HR Tech, Identity & Access Management, Insurance, IoT & Connected Devices, K-12 Schools, Laboratories & Diagnostics, Law Firms, Legal Tech, Life Insurance, Logistics, Luxury Retail, Manufacturing, Maritime & Shipping, Marketing Agencies, Media & Publishing, Medical Device Companies, Mortgage Brokers, Mortgage Companies, Municipalities, Notary & Title Services, Online Learning Platforms, Patent & IP Firms, Payment Processors, Property Management, Public Relations Firms, Public Utilities, Quantum Computing, Retail, Ride-Sharing & Mobility, Robotics & Automation, SaaS Companies, Social Media Platforms, Space & Satellite Technology, Sports Betting, Sports Leagues & Teams, Staffing Agencies, Streaming Services, Subscription Box Services, Tax Preparation, Telecommunications, Telemedicine Platforms, Test Preparation, Title & Escrow, Translation & Localization, Travel & Hospitality, Tribal Organizations, Trucking & Freight, Universities & Colleges, Virtual Reality & AR, Wealth Management

NIST CSF

National Institute of Standards and Technology Cybersecurity Framework

A voluntary framework providing guidelines for managing cybersecurity risk. Widely adopted across industries as a best-practice framework.

Who needs this: Government contractors, critical infrastructure, financial services, healthcare


DORA

Digital Operational Resilience Act

EU regulation ensuring financial sector entities can withstand, respond to, and recover from ICT-related disruptions and threats.

Who needs this: Banks, insurance companies, investment firms, fintech, and ICT service providers operating in the EU

Not sure which frameworks apply to you?

Our AI assessment wizard analyzes your industry, data types, and operating regions to tell you exactly which regulations you need to comply with.
