This framework consists of standards, guidelines, and best practices to manage cybersecurity-related risk. The cybersecurity framework’s prioritized, flexible, and cost-effective approach helps to promote the protection and resilience of critical infrastructure and other sectors important to the economy and national security.

ISO/IEC 27001 is the best-known standard providing requirements for an information security management system (ISMS).

The SOC 2 report focuses on a business's non-financial reporting controls as they relate to security, availability, processing integrity, confidentiality, and privacy of a system.

IEC 62443 has been developed by both the ISA99 and IEC committees to improve the safety, availability, integrity, and confidentiality of components or systems used in industrial automation and control. IEC 62443 is evolving to become a key standard in the industry, and Schneider Electric is building its cybersecurity strategy around the standard.

COBIT (Control Objectives for Information and Related Technologies) is a best-practice framework created by the international professional association ISACA for information technology (IT) management and governance.

Implement your cyber risk management framework and controls, based on industry-standard or custom requirements.


The framework is divided into three parts: “control”, “subcontrol” and “family”. The “family” contains an array of activities, outcomes and references which detail specific aspects of cyber risk control. The “subcontrol” is used to easily add your policies and controls to every digital asset. Risk control standards include ISO 27001, COBIT, NIST SP 800-53, ISA 62443, and the Council on CyberSecurity Critical Security Controls.

