Regulatory Guides, References & Tools
Plain-language regulatory guides, compliance checklists, and statutory reference materials — built to help you understand your mandate before you purchase your documentation series.
Plain-Language Framework Guides
One guide per regulatory framework — what it is, who it applies to, what it requires, and the consequences of non-compliance. Each guide ends with a direct path to the corresponding VerdoCo series.
A plain-language explanation of the HIPAA Security Rule, Privacy Rule, and Breach Notification Rule — including who qualifies as a covered entity vs. a Business Associate, what constitutes ePHI, and what a written security program must contain.
A breakdown of the 110 security controls in NIST SP 800-171 Rev 2, what a System Security Plan (SSP) and Plan of Action & Milestones (POA&M) must contain, and how CMMC assessments evaluate documentation maturity.
The amended FTC Safeguards Rule, with full compliance required since June 2023, requires a written information security program covering risk assessment, access controls, encryption, multi-factor authentication, vendor oversight, and periodic reporting to the board or equivalent governing body. This guide explains each requirement in plain terms.
DOJ's 2024 final rule made WCAG 2.1 Level AA the enforceable technical standard for state and local government web content and mobile apps. This guide explains the staggered compliance timeline, what WCAG 2.1 AA requires, and what a written accessibility program must document.
A comparative guide to the four most significant U.S. state privacy laws — CPRA, CPA, VCDPA, and TDPSA — covering applicability thresholds, consumer rights obligations, DPIA requirements, and the differences between them.
The NIST AI Risk Management Framework introduced four core functions — GOVERN, MAP, MEASURE, MANAGE — for responsible AI deployment. This guide explains each function, OMB M-24-10's federal agency requirements, and why private sector adoption is accelerating.
OSHA requires written safety programs for hazard communication, lockout/tagout, PPE, bloodborne pathogens, emergency action, and many other standards. This guide maps required written programs by industry type and hazard exposure.
The SEC's 2024 Reg S-P amendments expanded data breach notification requirements and information security obligations for registered investment advisers, broker-dealers, investment companies, and transfer agents. This guide explains what changed and what is now required.
The complete visual grammar guide for all VerdoCo documents — explaining teal editable fields, locked statutory content, silver italic references, and the implementation sequence for Phase 1 and Phase 2. Required reading before completing any VerdoCo document.
Quick Reference Checklists
Use these checklists to assess your current compliance posture before purchasing a VerdoCo series. Each checklist identifies the key documentation gaps the corresponding series is built to close.
HIPAA Documentation Readiness Checklist
Do you have these foundational HIPAA documents in place?
CMMC Level 2 Documentation Readiness Checklist
Do you have these foundational CMMC documents in place?
State Privacy Law Readiness Checklist
Do you have these foundational privacy program documents in place?
FTC Safeguards Rule (GLBA) Readiness Checklist
Do you have these foundational GLBA documents in place?
ADA Title II Digital Accessibility Readiness Checklist
Do you have these foundational accessibility program documents in place?
AI Governance Readiness Checklist
Do you have these foundational AI governance documents in place?
Official U.S. Government Sources
Every VerdoCo document is derived from these official primary sources. Use these links to verify regulatory requirements directly against the authoritative government publication.
HIPAA Regulations
45 CFR Parts 160, 162, and 164 — the complete HIPAA regulatory text including Security Rule, Privacy Rule, and Breach Notification Rule.
hhs.gov/hipaa →
NIST SP 800-171 Rev 2
Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations — the 110-control framework underlying CMMC Level 2.
csrc.nist.gov →
Safeguards Rule (16 CFR Part 314)
Standards for Safeguarding Customer Information — the amended rule (full compliance required since June 2023) requiring written information security programs for financial institutions under FTC jurisdiction.
ftc.gov →
ADA Title II Final Rule (2024)
28 CFR Part 35 — DOJ's 2024 final rule establishing WCAG 2.1 AA as the enforceable digital accessibility standard for state and local governments.
ada.gov →
AI Risk Management Framework 1.0
NIST AI RMF 1.0 — the GOVERN, MAP, MEASURE, MANAGE framework for responsible AI development and deployment.
nist.gov →
Regulation S-P (17 CFR Part 248)
Privacy of Consumer Financial Information and Safeguarding Customer Information — including the 2024 amendments adding incident response program and customer breach notification requirements.
sec.gov →
29 CFR Parts 1904, 1910, 1926
OSHA recordkeeping requirements, general industry standards, and construction standards — the regulatory basis for written program requirements.
osha.gov →
State Privacy Laws
California Privacy Rights Act (CPRA), Colorado Privacy Act (CPA), Virginia Consumer Data Protection Act (VCDPA), and Texas Data Privacy and Security Act (TDPSA) — the primary state privacy frameworks.
cppa.ca.gov →
Ready to Close the Gap?
Browse the complete VerdoCo catalogue and select the series that addresses your organization's documentation gap.
Browse All Series
Read the FAQ
Resources provided for general informational purposes only. Regulatory guidance changes frequently — always verify requirements against current primary sources and consult qualified legal counsel.
VerdoCo · A Product Line of Nexosprop Logistics Corp · All Rights Reserved.