Our 20+ Supported Frameworks
At ECCS, we provide specialist compliance advice and services on all aspects of regulation. Our experts work together with new and established providers to help ensure that they are compliant in all areas of their organisation on an ongoing basis.
We assist authorised firms in creating a compliant business framework and maintaining the daily compliance requirements as well as assisting new firms in achieving direct authorisation. We are committed to helping our clients manage their new and ongoing regulatory obligations and educating and empowering staff with compliance training bespoke to the needs of each individual business.
ECCS control mapping means any compliance framework, standard, or regulation is available at your fingertips — yes, even custom ones you may need to create.
SOC 2
SOC 2 defines criteria for managing data based on: security, availability, processing integrity, confidentiality, and privacy.
ISO 27001
ISO 27001 is the international standard that specifies requirements for an information security management system (ISMS), the governance structure through which an organisation protects its own and its customers' data.
HIPAA
HIPAA is a law requiring organizations that handle protected health information (PHI) to keep it protected and secure.
GDPR
GDPR is a regulation in EU law on data protection and privacy in the European Union and the European Economic Area.
PCI DSS
PCI DSS is a set of controls to make sure companies that handle credit card information maintain a secure environment.
Cyber Essentials
Cyber Essentials helps companies guard against the most common cyber threats and demonstrate commitment to cyber security.
NIST AI RMF
Safely navigate the implementation and usage of artificial intelligence with this risk management framework.
CCPA
CCPA is a California privacy law that gives consumers rights over the personal information businesses collect about them, including the right to know, delete, and opt out of its sale.
CMMC
CMMC is a unified standard for implementing cybersecurity across the defense industrial base (DIB).
Microsoft SSPA
SSPA sets privacy and security requirements for Microsoft suppliers and drives compliance to these requirements.
NIST CSF
The National Institute of Standards and Technology's Framework for Improving Critical Infrastructure Cybersecurity (CSF), organised around the core functions Identify, Protect, Detect, Respond, and Recover.
NIST SP 800-53
NIST SP 800-53 is a catalog of security and privacy controls for U.S. federal information systems and organisations; national security systems are handled separately under CNSS guidance.
NIST SP 800-171
NIST SP 800-171 specifies security requirements for protecting the confidentiality of controlled unclassified information (CUI) in nonfederal systems and organisations.
ISO 27701
ISO 27701 specifies requirements for establishing and continually improving a privacy information management system.
FFIEC
The FFIEC (Federal Financial Institutions Examination Council) issues IT examination guidance that U.S. financial institutions and their technology service providers are assessed against by their regulators.
FedRAMP
FedRAMP is the U.S. government programme for authorising cloud service providers (CSPs); a FedRAMP authorisation is what allows a cloud offering to be used by federal agencies.
CCM
The Cloud Controls Matrix by Cloud Security Alliance (CSA) is a cybersecurity control framework for cloud computing.
ISO 27017
ISO 27017 contains security controls and implementation guidance specific to cloud services, addressed to both cloud service providers and cloud customers.
ISO 27018
ISO 27018 contains controls for protecting personally identifiable information (PII) in public clouds, directed at cloud providers acting as PII processors.
Custom Frameworks
Tailor Drata to your unique business needs with easy to build custom frameworks and custom controls.
SOC
SOC 1
Report on the controls of an organization that are relevant to an end user's financial reporting. Issued under the SSAE 18 attestation standard, and often referred to by that name.
SOC 2
Report on the controls of an organization that are relevant to an end user's security, availability, processing integrity, confidentiality, and privacy.
SOC for Cybersecurity
Framework designed to be flexible and voluntary for organizations in any industry to take a proactive approach to cybersecurity risk management.
SOC for Supply Chain
Framework developed by the AICPA that allows manufacturers, producers, and distributors to evaluate the effectiveness of their suppliers' internal control environment in mitigating and addressing the critical risks identified for their specific environment and industry.
ISAE 3000
Report on the controls of an organization that are relevant to an end user's security reporting, issued under the international assurance standard for non-financial subject matter. Typically added on to a SOC 2.
ISAE 3402 and CSAE 3416
Report on the controls of an organization that are relevant to an end user’s financial reporting, used for international organizations. Typically added on to a SOC 1.