Governance
Legal requirements in the EU
ePrivacy Directive (cookie law) - EPD - NB will be replaced by ePrivacy Regulation
General Data Protection Regulation GDPR - privacy
National legal requirements to think of
Certifications
ISO 9001 - quality management systems
ISO/IEC 27001 (EU and rest of world) / SOC2 (North America) - how to protect your data
ISO/IEC 27002 - how to handle access to data and incident response
UK NCSC CRA - UK’s National Cyber Security Centre Cyber Resilience Audit which assures providers who can conduct independent Cyber Assessment Framework (CAF) based audits