Manage compliance and risk at scale

Made in Europe. Designed for Growing Teams.

How PAM Works for OT

A short demo that shows how to protect your industrial systems and meet compliance requirements, in a simple, practical way.

Customize your demo

Protect your reputation, wallet, and data

Understand the regulations that apply to you

Below are key standards, frameworks, and regulations that organizations must adhere to based on their industry and operational scope. Ensuring compliance with industry regulations is critical for security, risk management, and operational resilience.

GDPR

GDPR (General Data Protection Regulation)

GDPR is a comprehensive data protection regulation that enforces strict rules on organizations handling personal data of EU citizens.

Industry: All organizations processing personal data of EU residents, regardless of location or industry

Key Focus: Safeguarding personal data, enforcing privacy rights, and ensuring compliance with data breach notification requirements

Region: European Union (EU), but applies globally to any organization handling EU citizens’ data

Learn more here.

ISO 27001

ISO 27001 (Information Security Management System – ISMS)

ISO 27001 is an internationally recognized standard for establishing, maintaining, and improving an Information Security Management System (ISMS).

Industry: Any organization seeking to implement a structured information security management system (ISMS)

Key Focus: Managing cybersecurity risks and protecting sensitive information through an internationally recognized framework

Region: Global (voluntary but widely adopted for compliance and business requirements)

Learn more here.

PCI DSS

PCI DSS (Payment Card Industry Data Security Standard)

PCI DSS is a global security standard that establishes strict requirements for organizations processing payment card transactions.

Industry: Organizations handling payment card transactions (merchants, payment processors, banks)

Key Focus: Securing payment data, preventing fraud, and enforcing encryption and access controls for cardholder information

Region: Global (mandatory for businesses processing credit card payments)

Learn more here.

BASEL III

Basel III (Basel Accords)

Basel III is an international regulatory framework developed to strengthen the stability of the banking sector.

Industry: Banking & Financial Institutions (primarily internationally active banks)

Key Focus: Strengthening capital requirements, enhancing risk management, and ensuring liquidity to mitigate financial crises

Region: Global, with primary enforcement in Basel Committee member countries (e.g., EU, US, Japan)

Learn more here.

HIPAA-HITECH

HIPAA-HITECH (Health Insurance Portability and Accountability Act – Health Information Technology for Economic and Clinical Health Act)

HIPAA, expanded by HITECH, establishes stringent privacy and security requirements for healthcare data in the U.S.

Industry: Healthcare providers, insurers, healthcare clearinghouses, and business associates handling Protected Health Information (PHI)

Key Focus: Securing patient data, ensuring privacy, and enforcing health information protection standards

Region: United States (US)

Learn more here.

DORA

DORA (Digital Operational Resilience Act)

DORA is a European Union regulation aimed at enhancing the cybersecurity and resilience of financial institutions.

Industry: Financial sector (banks, insurance firms, investment companies, critical third-party providers)

Key Focus: Enhancing ICT risk management, cybersecurity, and operational resilience in financial services

Region: European Union (EU)

Learn more here.

NIS/NIS2 Directive

NIS/NIS2 Directive (Network and Information Security Directive)

NIS and its updated version, NIS2, set cybersecurity regulations for critical infrastructure and digital service providers in the EU.

Industry: Critical infrastructure sectors (energy, transport, healthcare) and digital service providers (cloud services, online marketplaces)

Key Focus: Strengthening cybersecurity, enhancing risk management, and ensuring resilience of essential services

Region: European Union (EU)

Learn more here.

SOLVENCY II

SOLVENCY II

Solvency II is a European Union regulatory framework for insurance and reinsurance firms, ensuring financial stability through risk-based capital requirements, governance, and transparency measures.

Industry: Insurance and reinsurance companies operating in the EU

Key Focus: Strengthening financial stability, implementing risk-based capital requirements, and ensuring policyholder protection

Region: European Union (EU)

Learn more here.

SCHREMS II

SCHREMS II

Schrems II is a landmark EU court ruling that invalidated the EU-U.S. Privacy Shield framework, tightening regulations on cross-border data transfers and ensuring companies provide equivalent data protection standards.

Industry: Organizations transferring personal data between the EU and third countries (e.g., US-based tech companies, cloud providers)

Key Focus: Enforcing GDPR compliance for international data transfers and ensuring adequate protection in third countries

Region: European Union (EU), with global implications for companies handling EU data

Learn more here.

ISA/IEC 62443

ISA/IEC 62443 (International Electrotechnical Commission)

ISA/IEC 62443 is a globally recognized set of cybersecurity standards designed to secure industrial automation and control systems (IACS).

Industry: Industrial automation and control systems (IACS), including manufacturing, oil & gas, and utilities

Key Focus: Defining security levels for OT environments, segmenting networks, and securing industrial control systems (ICS)

Region: Global (widely adopted international standard)

Learn more here.

German IT Security Act

German IT Security Act (IT-Sicherheitsgesetz)

The German IT Security Act imposes strict cybersecurity requirements on critical infrastructure operators, ensuring robust security measures, incident reporting, and periodic audits to safeguard national digital infrastructure.

Industry: Critical infrastructure sectors in Germany (energy, healthcare, finance, telecommunications)

Key Focus: Enhancing cybersecurity in industrial sectors, requiring incident reporting, and enforcing security audits

Region: Germany

Learn more here.

NERC CIP

NERC CIP (North American Electric Reliability Corporation Critical Infrastructure Protection)

NERC CIP establishes cybersecurity standards for the power grid and energy sector in North America, ensuring the resilience of critical electric infrastructure against cyber threats and operational risks.

Industry: Power grid and energy sector (electric utilities, grid operators, and power generation companies)

Key Focus: Protecting Bulk Electric System (BES) from cyber threats, enforcing risk assessments, and requiring strict access controls

Region: United States, Canada

Learn more here.

Customize your demo

Recognized by industry-leading analysts

Recommended Resources

READ MORE

Infographic: Ensuring NIS Directive Security Compliance with WALLIX

AUDIT & COMPLIANCE • BLOGPOST
READ MORE

Privileged Access Management: Key to Compliance with the NIS/NIS2 Directives

AUDIT & COMPLIANCE • WHITEPAPER
READ MORE

How PAM Enables IEC 62443 Implementation

AUDIT & COMPLIANCE • BLOGPOST • INDUSTRY • PRIVILEGED ACCESS MANAGEMENT
READ MORE

The CISO’s Guide to Security Compliance (with PAM)

AUDIT & COMPLIANCE • BLOGPOST • PRIVILEGED ACCESS MANAGEMENT
READ MORE

Mapping PAM to Security Standards for Compliance

AUDIT & COMPLIANCE • BLOGPOST • PRIVILEGED ACCESS MANAGEMENT

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.

Cookie	Duration	Description
__hstc	1 year 24 days	This cookie is set by Hubspot and is used for tracking visitors. It contains the domain, utk, initial timestamp (first visit), last timestamp (last visit), current timestamp (this visit), and session number (increments for each subsequent session).
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form.
hubspotutk	1 year 24 days	This cookie is used by HubSpot to keep track of the visitors to the website. This cookie is passed to Hubspot on form submission and used when deduplicating contacts.
trackalyzer	1 year	This cookie is used by Leadlander. The cookie is used to analyse the website visitors and monitor traffic patterns.

Cookie	Duration	Description
__hssc	30 minutes	This cookie is set by HubSpot. The purpose of the cookie is to keep track of sessions. This is used to determine if HubSpot should increment the session number and timestamps in the __hstc cookie. It contains the domain, viewCount (increments each pageView in a session), and session start timestamp.
bcookie	2 years	This cookie is set by linkedIn. The purpose of the cookie is to enable LinkedIn functionalities on the page.
lang	session	This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website.
lidc	1 day	This cookie is set by LinkedIn and used for routing.
messagesUtk	1 year 24 days	This cookie is set by hubspot. This cookie is used to recognize the user who have chatted using the messages tool. This cookies is stored if the user leaves before they are added as a contact. If the returning user visits again with this cookie on the browser, the chat history with the user will be loaded.

Cookie	Duration	Description
__cfduid	1 month	The cookie is used by cdn services like CloudFare to identify individual clients behind a shared IP address and apply security settings on a per-client basis. It does not correspond to any user ID in the web application and does not store any personally identifiable information.
__hssrc	session	This cookie is set by Hubspot. According to their documentation, whenever HubSpot changes the session cookie, this cookie is also set to determine if the visitor has restarted their browser. If this cookie does not exist when HubSpot manages cookies, it is considered a new session.
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
JSESSIONID	session	Used by sites written in JSP. General purpose platform session cookies that are used to maintain users' state across page requests.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_gat_UA-12183334-1	1 minute	No description
AnalyticsSyncHistory	1 month	No description
CONSENT	16 years 9 months 23 days 12 hours 13 minutes	No description
UserMatchHistory	1 month	Linkedin - Used to track visitors on multiple websites, in order to present relevant advertisement based on the visitor's preferences.
wp-wpml_current_language	1 day	No description

Manage compliance and risk at scale

How PAM Works for OT

Protect your reputation, wallet, and data

Understand the regulations that apply to you

Recognized by industry-leading analysts

Recommended Resources

PRODUCTS

RESOURCES

SUPPORT

ABOUT

FOLLOW US