(Last updated September 29, 2025)
Total Compliance Tracking’s portal can help you manage every type of audit your organization needs to fulfill. With dozens of ready‑made templates already tuned to standard audit requirements, plus the flexibility to add any custom type of audit for a nominal one‑time set‑up fee, you can take control of your entire audit universe with TCT’s portal.
We’re constantly adding more free templates for standard audit requirements to make it easy for you to start managing compliance today. If you don’t see yours listed, please let us know and we’ll be happy to add any industry standard audit requirements at no cost to you, since others will need them also. Contact us for any special audit requirements ‑ we’ll get you on your way to audit mastery in no time!
Examples of ready‑made audit templates available in TCT’s Portal include (but are not limited to):
| 23 NYCRR 500 | New York State Department of Financial Services 23 NYCRR 500 |
| AS9100 RevD | Aerospace Standard 9100 |
| ASD | Australian Signals Directorate (ASD) – Essential Eight |
| BSA / AML | Bank Secrecy Act / Anti‑Money Laundering Examination |
| CCPA | The California Consumer Privacy Act of 2018 |
| CCSS | CryptoCurrency Security Standards |
| CFPB CMR-IT | CFPB CMR-IT |
| CIS Controls v8.1 | Center for Internet Security Controls v8.1 |
| CJIS v5.9.2 | Criminal Justice Information Services Security Policy |
| CMMC v2.13 | Cybersecurity Maturity Model Certification v2.13 |
| CMS | Centers for Medicare & Medicaid Services Required Security and Privacy Control Baselines |
| CMS Non-Cloud | Centers for Medicare & Medicaid Services Required Security and Privacy Control Baselines |
| Contactless Payments on COTS v1.0 | Contactless Payments on COTS v1.0 |
| CPRA | Consumer Privacy Rights Act of 2020 (Nov 2022) |
| CPNI | Customer Proprietary Network Information |
| DOE STR | Department of Energy Security Technical Requirements |
| DORA | Digital Operational Resilience Act |
| eCFR | Electronic Code of Federal Regulations |
| EIS | Center for Internet Security ‑ Elections Infrastructure Security |
| Exostar | Exostar GAPS |
| FedRAMP ‑ Low | Federal Risk and Authorization Management Program Security Controls ‑ Low |
| FedRAMP ‑ Medium | Federal Risk and Authorization Management Program Security Controls ‑ Medium |
| FedRAMP ‑ High | Federal Risk and Authorization Management Program Security Controls ‑ High |
| FFIEC ‑ BCP | Federal Financial Institutions Examination Council’s ‑ Business Continuity Planning |
| FFIEC ‑ IS | Federal Financial Institutions Examination Council’s ‑ Information Security |
| FFIEC ‑ M | Federal Financial Institutions Examination Council’s ‑ Management |
| GARS | Visa Global Acquirer Risk Standards |
| GDPR | General Data Protection Regulation |
| GLBA | The Gramm–Leach–Bliley Act |
| GLI-19 v2.0 | Standards for Interactive Gaming Systems |
| GLI-27 v1.1 | Network Security Best Practices 1/21/2013 |
| GLI-33 v1.1 | Standards for Event Wagering Systems. |
| HECVAT | Higher Education Cloud Vendor Assessment Tool |
| HICP | Health Industry Cybersecurity Practices |
| HIPAA | Health Insurance Portability and Accountability Act |
| HIPAA‑HITECH | Health Insurance Portability and Accountability Act Plus Health Information Technology for Economic and Clinical Health Privacy and Breach Requirements |
| IRS 1075 | Internal Revenue Services Publication 1075 |
| ISO 27001 | Information security, cybersecurity and privacy protection — Information security management systems |
| ISO 27002 | Information security, cybersecurity and privacy protection — Information security controls |
| ISO 27701 | Security techniques — Extension to ISO/IEC 27001 and ISO/IEC 27002 for privacy information management |
| ISO 42001 | Information technology – Artificial intelligence – Management system |
| MO GC MICS Ch.S | Missouri Gaming Commission MICS Ch.S – MIS |
| NACHA | National Automated Clearing House Association |
| NAID | National Association for Information Destruction |
| NIST 800‑171 | Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations |
| NIST 800-172 | Enhanced Security Requirements for Protecting Controlled Unclassified Information |
| NIST 800‑37 | Risk Management Framework for Information Systems and Organizations: A System Life Cycle Approach for Security and Privacy |
| NIST 800‑53 ‑ Low | Security and Privacy Controls for Information Systems and Organizations – Low |
| NIST 800‑53 ‑ Mod | Security and Privacy Controls for Information Systems and Organizations – Mod |
| NIST 800‑53 ‑ High | Security and Privacy Controls for Information Systems and Organizations – High |
| NIST 800‑66 | Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule |
| NIST CSF | Framework for Improving Critical Infrastructure Cybersecurity |
| NIST Privacy | Privacy Framework |
| NIST SSDF | Secure Software Development Framework |
| OCIE | Securities and Exchange Commission ‑ Office of Compliance Inspections and Examinations |
| P11 FDA | Part 11 Food and Drug Administration |
| P2PE | Payment Card Industry ‑ Point‑To‑Point Encryption |
| PA DSS v3.2 | Payment Application Data Security Standard v3.2 |
| PCI DSS 3DS ROC v1.0 | Payment Card Industry Data Security Standard ‑ 3‑D Secure v1.0 |
| PCI DSS P2PE 3.2.1 | Payment Card Industry Data Security Standard ‑ Point‑To‑Point Encryption |
| PCI DSS PIN ROC v3.1 r1.0d | Payment Card Industry Data Security Standard Personal Identification Number Security Requirements v3.1 r1.0d |
| PCI DSS ROC 4.0.1 r2 | Payment Card Industry Data Security Standard v4.0.1 Report On Compliance |
| PCI DSS SROC 3.2.1 | Payment Card Industry Data Security Standard Supplemental Report on Compliance ‑ Designated Entities |
| PCI Secure SLC v1.1 | Payment Card Industry Software Security Framework Secure Software Lifecycle v1.1 |
| PCI Software Security Framework | Payment Card Industry Software Security Framework v1.1 |
| PCI DSS SAQ P2PE 4.0.1 | Payment Card Industry Data Security Standard Self-Assessment Questionnaire Point-To-Point Encryption v4.0 |
| PCI DSS SAQ-A 4.0.1 | Payment Card Industry Data Security Standard Self-Assessment Questionnaire-A v4.0 |
| PCI DSS SAQ-A-EP 4.0.1 | Payment Card Industry Data Security Standard Self-Assessment Questionnaire-A-EP v4.0 |
| PCI DSS SAQ-B 4.0.1 | Payment Card Industry Data Security Standard Self-Assessment Questionnaire-B v4.0 |
| PCI DSS SAQ-B-IP 4.0.1 | Payment Card Industry Data Security Standard Self-Assessment Questionnaire-B-IP v4.0 |
| PCI DSS SAQ-C 4.0.1 | Payment Card Industry Data Security Standard Self-Assessment Questionnaire-C v4.0 |
| PCI DSS SAQ-C-VT 4.0.1 | Payment Card Industry Data Security Standard Self-Assessment Questionnaire-C-VT v4.0 |
| PCI DSS SAQ-D M 4.0.1 | Payment Card Industry Data Security Standard Self-Assessment Questionnaire-D v4.0 Merchant |
| PCI DSS SAQ-D SP 4.0.1 | Payment Card Industry Data Security Standard Self-Assessment Questionnaire-D v4.0 Service Provider |
| P39 | Quebec Privacy Act |
| PIPA | Personal Information Protection Act |
| PIPEDA | Personal Information Protection and Electronic Documents Act |
| PSPF | Protective Security Policy Framework |
| Reg SCI | Regulation Systems Compliance and Integrity ‑ Obligations |
| SIG Core | Standardized Information Gathering CORE Questionnaire |
| SIG LITE | Standardized Information Gathering LITE Questionnaire |
| SWIFT CSCF | SWIFT Customer Security Controls Framework |
| SOC 2 ‑ 2017 | Systems and Organizations Controls 2 ‑ 2017 Trust Services Criteria |
| SOX | Sarbanes‑Oxley Act |
| UK DCC | UK Defence Cybersecurity Certification |
| US Privacy laws | Privacy Laws For US State Regulations |
| VPAT | Voluntary Product Accessibility Template® |
Don’t worry. If your audit requirements aren’t included in the list above, Total Compliance Tracking can still help you manage any industry standard compliance requirements — we will add those for free, for paying clients. Ask us if we have a template in the works, or we will help you design your own, proprietary custom templates for your Total Compliance Tracking portal for a nominal, one‑set set up fee.