ISO/IEC 27001: This is an international standard for information security management systems (ISMS). It provides a systematic approach to managing sensitive company information, ensuring it remains secure.

GDPR (General Data Protection Regulation): While not strictly a security standard, GDPR is a comprehensive data protection law in the European Union that sets strict guidelines for the collection, storage, and processing of personal data.

PCI DSS (Payment Card Industry Data Security Standard): This standard is specific to organizations that handle credit card information. It aims to ensure that companies maintain a secure environment for processing, storing, and transmitting credit card information.

HIPAA (Health Insurance Portability and Accountability Act): This U.S. legislation sets standards for protecting sensitive patient health information. It applies to healthcare providers, health plans, and healthcare clearinghouses.

SOC 2 (Service Organization Control 2): Developed by the American Institute of CPAs (AICPA), SOC 2 is a voluntary compliance standard for service organizations that specifies how organizations should manage customer data.

NIST (National Institute of Standards and Technology) Cybersecurity Framework: This framework provides guidelines for private sector organizations to assess and improve their ability to prevent, detect, and respond to cyber attacks.

FISMA (Federal Information Security Management Act): This U.S. legislation defines a comprehensive framework to protect government information, operations, and assets against natural or human-made threats.

CCPA (California Consumer Privacy Act): While primarily a privacy law, it also includes data security provisions for businesses that collect personal information from California residents.