Every industry has its own risks and the certifications its buyers expect. Dharma maps yours and points you at the documents and frameworks that matter.

Key risks: Multi-tenant data, rapid change, global customers
Expected certifications: SOC 2 Type II, ISO 27001, GDPR, DPDP

Key risks: Payment and financial data, heavy regulation
Expected certifications: PCI DSS, SOC 1 and 2, RBI, MAS TRM, DORA, GLBA, SOX

Key risks: PHI, patient safety, confidentiality
Expected certifications: HIPAA, HITRUST, ISO 27001, GDPR health rules

Key risks: Model risk, bias, opacity, training data
Expected certifications: ISO 42001, EU AI Act, NIST AI RMF, SOC 2

Key risks: Sovereignty, clearances, onshore data
Expected certifications: FedRAMP, FISMA, CMMC, CJIS, IRAP, ENS, MeitY

Key risks: OT and IT, supply chain, IP
Expected certifications: ISO 27001, ISO 9001, TISAX awareness

Key risks: Offshore access, client data segregation
Expected certifications: ISO 27001, SOC 2, client schedules, PCI or HIPAA

Key risks: Children's data, student records
Expected certifications: COPPA, FERPA, GDPR and UK Children's Code, DPDP

Key risks: Cross-border data, partner networks
Expected certifications: ISO 27001, GDPR, sector security

Key risks: Prototype and supply-chain security
Expected certifications: TISAX, ISO 27001, ISO 9001