Regulation library
A practical GRC library for regulated teams.
Each page explains what the regulation covers, who it applies to, what obligations teams need to operationalize, what evidence auditors and regulators typically expect, and how Halbarad helps automate the work.
Start here
Common regulatory workflows.
These pages cover the regimes most often tied to compliance operations, outsourcing, ICT risk, privacy, cybersecurity, operational resilience, AI governance, and regulator-ready evidence.
United States
US Interagency TPRM
Outsourcing and third-party governance
Canada
OSFI B-10
Outsourcing and third-party governance
UK / EU
PRA SS2/21
Outsourcing and third-party governance
UK / EU
EU DORA ICT TPRM
Technology, ICT, and cyber dependency
Singapore
MAS TPRM
Outsourcing and third-party governance
India
RBI IT Outsourcing
Outsourcing and third-party governance
APAC
APRA CPS 230
Operational resilience and continuity
UAE / ADGM / CBUAE
CBUAE TPRM
Outsourcing and third-party governance
Full catalog
Browse every regulation page.
United States
US Interagency TPRM
Outsourcing and third-party governance
OCC TPRM
Outsourcing and third-party governance
FFIEC Outsourcing & TSPs
Technology, ICT, and cyber dependency
NYDFS 23 NYCRR 500
Technology, ICT, and cyber dependency
SEC Regulation S-P
Privacy, processor, and data protection oversight
GLBA Safeguards Rule
Privacy, processor, and data protection oversight
HIPAA Business Associates
Privacy, processor, and data protection oversight
Federal Reserve TPRM
Outsourcing and third-party governance
FDIC TPRM
Outsourcing and third-party governance
CISA Supply Chain Risk
Third-party AI governance
Canada
OSFI B-10
Outsourcing and third-party governance
OSFI B-13
Technology, ICT, and cyber dependency
OSFI E-21
Operational resilience and continuity
PIPEDA Vendor Privacy
Privacy, processor, and data protection oversight
Critical Cyber Systems
Technology, ICT, and cyber dependency
IIROC Outsourcing
Outsourcing and third-party governance
CIRO Outsourcing
Outsourcing and third-party governance
Payments Canada TPRM
Regulated service delivery
Financial Consumer Protection
Regulated service delivery
Privacy Breach Vendor Risk
Privacy, processor, and data protection oversight
UK / EU
PRA SS2/21
Outsourcing and third-party governance
FCA Outsourcing
Operational resilience and continuity
UK Critical Third Parties
Outsourcing and third-party governance
EU DORA ICT TPRM
Technology, ICT, and cyber dependency
EBA Outsourcing
Outsourcing and third-party governance
EIOPA Cloud Outsourcing
Technology, ICT, and cyber dependency
ESMA Cloud Outsourcing
Technology, ICT, and cyber dependency
GDPR Processor Risk
Privacy, processor, and data protection oversight
NIS2 Supply Chain Security
Third-party AI governance
EU AI Act Third-Party AI
Third-party AI governance
UAE / ADGM / CBUAE
CBUAE Outsourcing Regulation
Outsourcing and third-party governance
CBUAE Outsourcing Standards
Outsourcing and third-party governance
CBUAE TPRM
Outsourcing and third-party governance
CBUAE Operational Risk
Operational resilience and continuity
ADGM FSRA IT Risk
Outsourcing and third-party governance
ADGM Outsourcing Risk
Outsourcing and third-party governance
ADGM AML & Sanctions TPRM
AML, sanctions, and reliance oversight
DFSA Outsourcing Risk
Outsourcing and third-party governance
UAE PDPL Processing
Privacy, processor, and data protection oversight
UAE Information Assurance
Technology, ICT, and cyber dependency
Saudi Arabia
Saudi NCA ECC
Technology, ICT, and cyber dependency
NCA Cloud Controls
Technology, ICT, and cyber dependency
NCA Critical Systems
Technology, ICT, and cyber dependency
NCA Data Controls
Technology, ICT, and cyber dependency
SAMA Cyber Security
Technology, ICT, and cyber dependency
SAMA Outsourcing Rules
Outsourcing and third-party governance
SAMA BCM
Operational resilience and continuity
SAMA Operational Risk
Operational resilience and continuity
Saudi PDPL Processing
Privacy, processor, and data protection oversight
CST Cloud Framework
Technology, ICT, and cyber dependency
Singapore
MAS TPRM
Outsourcing and third-party governance
MAS Outsourcing
Outsourcing and third-party governance
MAS Technology Risk
Technology, ICT, and cyber dependency
MAS BCM
Operational resilience and continuity
MAS Cyber Hygiene
Technology, ICT, and cyber dependency
MAS Operational Risk
Operational resilience and continuity
PDPA Processing
Outsourcing and third-party governance
CSA Cybersecurity Code
Technology, ICT, and cyber dependency
Critical Information Infrastructure
Outsourcing and third-party governance
AI Verify Third-Party AI
Third-party AI governance
India
RBI IT Outsourcing
Outsourcing and third-party governance
RBI Financial Services Outsourcing
Outsourcing and third-party governance
RBI Digital Lending
Regulated service delivery
RBI Cyber Security
Technology, ICT, and cyber dependency
RBI KYC Third-Party Reliance
AML, sanctions, and reliance oversight
SEBI Cyber Resilience
Technology, ICT, and cyber dependency
IRDAI Outsourcing
Third-party AI governance
India DPDP Processors
Privacy, processor, and data protection oversight
CERT-In Incident Reporting
Technology, ICT, and cyber dependency
NPCI Third-Party Risk
Outsourcing and third-party governance
APAC
APRA CPS 230
Operational resilience and continuity
APRA CPG 230
Operational resilience and continuity
HKMA SA-2 Outsourcing
Outsourcing and third-party governance
HKMA OR-2 Resilience
Operational resilience and continuity
HKMA TM-G-1 Technology Risk
Technology, ICT, and cyber dependency
Japan FSA Outsourcing
Outsourcing and third-party governance
Japan FISC Security Guidelines
Technology, ICT, and cyber dependency
Korea Electronic Financial Rules
Technology, ICT, and cyber dependency
Indonesia OJK IT Risk
Outsourcing and third-party governance
Philippines BSP Outsourcing
Outsourcing and third-party governance