We use strictly necessary cookies to run this site, and — only with your consent — analytics & marketing cookies (Google Analytics, Google Tag Manager) to improve it. No analytics or marketing cookies are set unless you accept. See our Cookie Policy and Privacy Policy.

Free Tools

Compliance Self-Assessments

Pick a standard, answer a short control survey, and get an instant readiness score with a domain-by-domain breakdown and a prioritised gap list — from CERT-In empanelled, PCI QSA authorised auditors. Free, no obligation.

Payments & Cards

22 questions · 6 domains

PCI DSS v4.0.1

Gauge how ready your cardholder data environment is for a QSA assessment — across all 12 PCI DSS requirements.

Start assessment →

Information Security

22 questions · 6 domains

ISO/IEC 27001:2022

See how ready your ISMS is for ISO/IEC 27001:2022 certification — across the management system and Annex A controls.

Start assessment →
22 questions · 6 domains

SOC 2 (Trust Services Criteria)

Assess your readiness for a SOC 2 examination across the Security, Availability, Confidentiality, Processing Integrity and Privacy criteria.

Start assessment →

Data Privacy

22 questions · 6 domains

DPDP Act, 2023 (India)

Check your readiness for India’s Digital Personal Data Protection Act, 2023 — notice, consent, data-principal rights, security and breach obligations.

Start assessment →
22 questions · 6 domains

GDPR (EU / UK)

Assess your GDPR readiness — lawful basis, data-subject rights, records of processing, security and international transfers.

Start assessment →
20 questions · 6 domains

ISO/IEC 27701 (Privacy)

Assess readiness for a Privacy Information Management System (PIMS) extending ISO 27001 with controller and processor privacy controls.

Start assessment →

Healthcare

21 questions · 6 domains

HIPAA (Security & Privacy)

Assess your readiness against the HIPAA Security, Privacy and Breach Notification Rules for protecting ePHI.

Start assessment →
20 questions · 6 domains

HITRUST CSF

Assess readiness for a HITRUST CSF assessment — a certifiable, risk-based framework harmonising HIPAA, ISO, NIST and more.

Start assessment →

Cyber Frameworks

24 questions · 6 domains

NIST CSF 2.0

Benchmark your cyber programme against the six functions of the NIST Cybersecurity Framework 2.0 — Govern, Identify, Protect, Detect, Respond, Recover.

Start assessment →
20 questions · 6 domains

CERT-In Cyber Audit

Check your readiness for a CERT-In empanelled cyber audit and compliance with the CERT-In Directions (April 2022).

Start assessment →
22 questions · 6 domains

CIS Controls v8.1

Measure your cyber hygiene against the 18 CIS Critical Security Controls — a prioritised, practical baseline.

Start assessment →
22 questions · 6 domains

NIST SP 800-53 Rev.5

Assess your control posture against NIST SP 800-53 Rev.5 control families — the baseline for FISMA, FedRAMP and many US programmes.

Start assessment →

BFSI (India)

22 questions · 6 domains

RBI Cyber Security Framework

Assess your readiness against the RBI Cyber Security Framework for banks — governance, baseline controls, SOC and incident reporting.

Start assessment →
22 questions · 6 domains

SEBI CSCRF

Assess readiness against SEBI’s Cybersecurity and Cyber Resilience Framework for regulated entities — anchored on the NIST functions plus SEBI-specific mandates.

Start assessment →
18 questions · 6 domains

SWIFT CSP (CSCF)

Assess readiness against the SWIFT Customer Security Controls Framework for your SWIFT-connected environment.

Start assessment →
18 questions · 6 domains

NPCI UPI / TPAP Audit

Assess readiness for an NPCI UPI / Third-Party App Provider (TPAP) security audit and PSP/UPI ecosystem controls.

Start assessment →

Resilience

20 questions · 6 domains

ISO 22301 (Business Continuity)

Assess your Business Continuity Management System against ISO 22301:2019 — BIA, strategy, plans, exercising and improvement.

Start assessment →

Middle East

20 questions · 6 domains

UAE IA / NESA

Assess readiness against the UAE Information Assurance Standards (NESA/SIA) — management and technical controls for entities in the UAE.

Start assessment →

Global / EU

18 questions · 6 domains

NIS2 Directive (EU)

Assess readiness against the EU NIS2 Directive cybersecurity risk-management measures and incident-reporting obligations.

Start assessment →
20 questions · 6 domains

CMMC 2.0 (Level 2)

Assess readiness for CMMC 2.0 Level 2, aligned to NIST SP 800-171 controls for protecting Controlled Unclassified Information (CUI).

Start assessment →

These self-assessments give an indicative readiness view for planning. A formal gap assessment by a qualified auditor is required before certification. Looking for downloadable control checklists instead? See our free checklists.