The Frameworks and Regulations included in the PolicyCo platform contain all of the baseline external controls/regulatory requirements for your organization to remain in compliance. Each external control/regulatory requirement has a complete description.

By default, PolicyCo will associate the labels in the platform as a Framework(s) and Controls. However, these label is dynamic and Framework(s) can be updated to Regulation(s) and Control(s) can be updated to Regulatory Requirements in the Settings to meet industry terminology standards.

Frameworks and Regulations currently include:

  • 23 NYCRR PART 500

  • 25 USC

  • 42 CFR 438

  • 42 CFR 455

  • 42 CFR PART 2

  • ACER RRM v2021

  • ADA

  • AK COLLECTION AGENCY v2022

  • AL CCA MINI CODE v2009

  • ALTA REG 143/1996

  • AMF RULE 91-507

  • AMPTA REG D

  • ASBCA RULE v2021

  • ASIC v2013

  • ASIC REPORTING v2013

  • AZ COLLECTION AGENCY

  • AZ LABOR CODE

  • BSA/AML

  • C5 v2020

  • CA 27 CCR

  • CA LABOR CODE

  • CA-BPC

  • CA-DPR

  • CA-HSC

  • CACFP

  • CAIQ v4.0.2

  • CAL/OSHA

  • CALIFORNIA DCC

  • CAN-SPAM

  • CARF ASPIRE v2022

  • CARF BEHAVIORAL HEALTH v2022

  • CARF EMPLOYMENT AND COMMUNITY v2022

  • CCO OREGON MEDICAID CONTRACT

  • CFTC RECORDS

  • CFTC RULE

  • CIS v8

  • CMMC v1.02

  • CO INDUSTRIAL HEMP

  • E-SIGN ACT

  • ECOA REG B

  • EEOC

  • EFTA REG E

  • ESMA v2020

  • FCRA REG V

  • FDCPA REG F

  • FERPA

  • FL LABOR STATUTES

  • FLSA

  • FMLA

  • GDPR v2016

  • GLBA

  • GLBA REG P

  • GOLETA-BLO

  • HHS OIG

  • HIPAA v2013

  • HITRUST v9.1, 9.2, 9.3, 9.4, 9.5.1, 9.6.2

  • HMDA REG C

  • ICA 1940

  • ISO 17025 v2017

  • ISO 22301 v2019-10

  • ISO 27001 v2013

  • ISO 27002 v2013, 2022

  • ISO 27108 v2019-01

  • MAS FORM v2013

  • MI CP 96-101

  • MI RULE 96-101

  • MLA

  • NAEYC v2022

  • NCQA CVO v2022

  • NH MANDATED REPORTER

  • NIST CSF v1.1

  • NIST SP 800-53 v5

  • OAR 309

  • OAR 410

  • OFAC

  • ORS 413

  • ORS 414

  • OSC CP 91-507

  • OSC RULE 91-507

  • OSHA

  • PCI DSS v3.2.1

  • PIPEDA

  • REG U NO 1227/2011 v2022

  • REG EU NO 1348/2014 v2014

  • REG S-T

  • REG SBSR

  • REG SCI

  • RESPA REG X

  • RFPA

  • SAFE REG G AND REG H

  • SBC WEIGHTS AND MEASURES

  • SBC-APCD

  • SBC-BLO

  • SBC-CZO

  • SCRA

  • SEC 85 FR 6270 v2020

  • SEC FORMS

  • SEC REG 17 CFR

  • SFA 2001 PART 2A v2001

  • SOC2 v2017

  • SQF ANIMAL PRODUCT MANUFACTURING v9

  • SQF FOOD MANUFACTURING v9

  • SQF PACKAGING MANUFACTURING v9

  • SQF QUALITY v9

  • SSA 1905

  • SSA 1927

  • TILA REG Z

  • TIS REG DD

  • TX LABOR CODE

  • UDAAP US BANKRUPTCY CODE

  • USDA ORGANIC

  • VT MANDATED REPORTER

  • WATERBOARD v2019

In general, the best practice is to choose the latest version, but it's best to talk with your assessor to be certain. PolicyCo supports adjusting your Framework version without losing any of the work you have done to link to articles so long as there are no meaningful changes in that external control from one version of the Framework to another.

To Add External Controls or Regulatory Requirements:

PolicyCo allows you to add the external controls that are in scope individually, allowing you to remain focused on what matters to your organization.

  • Click Settings

  • Click Frameworks (or Regulations if you have adjusted your Profile labels)

  • Choose the Framework or Regulation

  • Check the external controls that are in scope

    • You can choose to add all, but choose this with care, as if you have already carefully chosen controls, you cannot reverse this action to the previous state.

    • You can choose to use the filter options to narrow down the controls to help find what is most relevant

To Remove External Controls or Regulatory Requirements:

PolicyCo allows to to remove an external control, even if it has been linked to an article. If an external control has been linked to an article, and is removed, PolicyCo will remember this association and if the external control is added back in or updated to the same in a new version of the Framework, the association will remain to prevent extra efforts to re-link.

  • Click Settings

  • Click Frameworks (or Regulations if you have adjusted your Profile labels)

  • Choose the Framework or Regulation

  • Uncheck the external controls that are no longer in scope

    • You can choose to remove all, but choose this with care, as if you have already carefully chosen controls, you cannot reverse this action to the previous state.

    • You can choose to use the filter options to narrow down the controls to help find what is most relevant

Did this answer your question?