Regulatory Compliance Content

Onspring integrates with leading content providers, including Unified Compliance and LexisNexis, to help you efficiently manage the regulations and standards that govern your business. By pulling the latest authoritative content into your Onspring platform, you can streamline the review process, understand impacts to your control environment and track issues to resolution.

PCI Compliance Content

If your organization is subject to the Payment Card Industry (PCI) data security standard, you face stringent requirements for protecting your customers’ sensitive payment information.

By managing PCI requirements within Onspring, you can:

  • Relate them to internal controls
  • Perform control testing and validation
  • Track issues and mitigation plans
  • Deliver accurate reporting at a moment’s notice

HIPAA Compliance Content

The Health Insurance Portability and Accountability Act (HIPAA) provides data privacy and security provisions for safeguarding medical information. Many organizations are subject to HIPAA requirements, not just those within the healthcare industry.

By capturing HIPAA content in Onspring, you can:

  • Break down the requirements and map them to your control library
  • Track the status and effectiveness of supporting controls
  • Manage issue response
  • Report on compliance status in real-time

[Figure: Active Internal Controls by Compliance Status]

GDPR Content

The EU General Data Protection Regulation (GDPR) went into effect in May 2018. Companies that operate or serve customers in the European Union must now comply with the GDPR’s extensive requirements for data privacy and protection.

By integrating GDPR content into Onspring, you can:

  • Gain a central view of requirements to facilitate organizational understanding and preparedness
  • Track GDPR requirements in the context of your internal control environment
  • Identify gaps that need to be closed
  • Report on progress and issues through live dashboards

ISO Content

The International Organization for Standardization (ISO) issues guidance on a wide range of topics. Onspring clients are frequently concerned with ISO 27701 (Privacy Information), ISO 27001 (Information Technology), ISO 27002 (Information Security) and ISO 31000 (Risk Management).

When you manage ISO content within Onspring, you can:

  • Segment the standards into individual citations, each mapped to internal controls
  • Understand control effectiveness
  • Monitor issue mitigation and hold individuals accountable for corrective actions
  • Receive alerts when changes require your attention

Note: To be compliant with an ISO audit, you need to be a licensee or have purchased ISO content through a provider such as Unified Compliance.

FFIEC Content

The Federal Financial Institutions Examination Council (FFIEC) promotes uniformity and consistency in the supervision of financial institutions. FFIEC standards cover a number of topics, including information security, e-banking, business continuity, retail payment systems and more.

If your organization is subject to FFIEC requirements, you can use Onspring to:

  • Rapidly import content updates and map them to applicable controls
  • Perform design and operating tests
  • Report on your compliance status at any point in time

Additional Regulations and Standards

Along with the content detailed above, Onspring clients use our cloud-based platform to manage compliance with a range of authoritative sources, based on their industry, geography and other factors. This content includes COSO, COBIT, GLBA, NIST, PCAOB and others.

Onspring’s Data Connector and open API make it simple to bring in the precise content you need and manage it within the context of your overall compliance program. For additional details, please explore our Compliance Management Software or request a demo.