Compliance Framework Research Articles

Security compliance and its implication for cybersecurity

Security compliance plays a critical role in shaping and enhancing the cybersecurity posture of organizations. It involves adhering to legal, regulatory, and industry standards that govern data protection, privacy, and security measures. Key regulations, such as GDPR, HIPAA, and PCI DSS, along with international standards like ISO/IEC 27001 and NIST, require organizations to implement security frameworks aimed at managing risks, protecting sensitive data, and ensuring the confidentiality, integrity, and availability of information. The impact of security compliance extends beyond regulatory adherence. By implementing compliance frameworks, organizations enhance their ability to mitigate threats, respond to incidents, and recover from security breaches more effectively. These frameworks help ensure that security measures are consistent, well-documented, and aligned with industry best practices. Additionally, compliance fosters organizational accountability by requiring management oversight and promoting a security-first culture across all levels. However, compliance also presents challenges. Organizations must balance the often resource-intensive process of maintaining compliance with the need for a proactive security strategy that addresses emerging cyber threats. Compliance is sometimes viewed as a "check-the-box" activity, which may lead to a gap between regulatory adherence and actual security needs. Furthermore, the constantly evolving threat landscape requires continuous updates to compliance frameworks, which can be costly and complex, especially for multinational organizations operating under different regulatory regimes. Non-compliance can lead to severe consequences, including legal penalties, financial losses, reputational damage, and operational disruptions. As technology and cyber threats evolve, the relationship between security compliance and cybersecurity will continue to grow in importance, with a greater focus on integrating risk-based approaches and automation into compliance management.

A BIM-integrated Thailand building energy code framework for building envelope thermal requirements in a conceptual design stage

This work presents the development of a building energy code (BEC) of Thailand compliance framework during conceptual design stages (CDS) using building information modeling (BIM) through visual programming language (VPL). The proposed method included five steps: (i) establish a commercial building reference; (ii) develop a BIM base model; (iii) create a BIM overall thermal transfer value (OTTV) and roof thermal transfer value (RTTV) calculation model with VPL scripts; (iv) test the BIM framework with various scenarios; and (v) verify the results with Thailand BEC software. The findings revealed an insignificant difference between the results from the BIM calculation model and those estimated by the Thailand BEC software. This study demonstrated that using BIM with VPL for OTTV and RTTV calculations during the CDS may be implemented automatically, which could help designers make timely decisions to comply with Thailand’s BEC, considering building design, materials, and fenestration ratios.

ELSMOR - towards European Licensing of Small Modular Reactors:Methodology recommendations for light-water small modular reactors safety assessment.

Decarbonization of energy production is key in today's societies and nuclear energy holds an essential place in this prospect. Besides heavy-duty electricity production, other industrial and communal needs could be served by integrating novel nuclear energy production systems, among which are low-power nuclear devices, like small modular reactors (SMRs). The ELSMOR (towards European Licensing of Small Modular Reactors) European project addresses this topic as an answer to the Horizon 2020 Euratom NFRP-2018-3 call. The consortium includes 15 partners from eight European countries, involving research institutes, major European nuclear companies and technical support organizations. The 3.5-year project, launched in September 2019, investigates selected safety features of light-water (LW) SMRs with focus on licensing aspects. Providing a comprehensive compliance framework that regulators can adopt and operate, the licensing process of such SMRs could be optimized, helping their deployment. In this prospect, as a result of ELSMOR's work, this article gives an overview of the specific issues that LW-SMRs may bring about in the different domains of nuclear safety, in terms of: •Methodological standpoints: safety goals, safety requirements, safety principles (defence-in-depth implementation);•Main safety functions of reactivity control, decay heat removal and confinement management;•Severe accident management;•Other safety issues particular to SMRs: use of shared systems; performing of multi-unit probabilistic safety assessment (PSA); spent fuel management, transport and disposal management. In this article, adequate methodologies are developed to deal with these issues and to help assess the safety of LW-SMRs. This work gives a precious synthesis of the safety assessment issues of LW-SMRs and of the associated methodologies developed in the context of the ELSMOR European project.

Cybersecurity Compliance Frameworks- a pragmatic view with an IT outsourcing company case study

Cybersecurity Compliance Frameworks- a pragmatic view with an IT outsourcing company case study

Role of online health communities in patient compliance: a social support perspective

Purpose Online health communities (OHC) can transform the healthcare industry, particularly in developing economies. Technology advancement and increased health literacy pave the way for these communities to become powerful tools for empowering patients. The purpose of this study was to empirically validate the linkages between social support and how it overarchingly influences patient compliance. Following social support theory, this study delineates how support from the community affects the patient–physician relationship (PERP) and consequently patient compliance regarding the treatment plan. This study also invents the role of patient trust in an OHC in moderating the relationship between PERP and engagement. Design/methodology/approach This paper is based on social support and empowerment theories to investigate the importance of social support in improving patients’ health behaviours and health outcomes via patient empowerment, patient engagement and patient compliance. The authors surveyed users from three Facebook cancer communities in India to collect data. The authors used partial least squares structured equation modelling and necessary condition analysis (NCA) with 265 participants to support the proposed model. Findings The result demonstrates that PERP is a crucial factor for patient engagement in OHC, and patient engagement has a significant effect on patient compliance. The results also showed that trust was a significant moderator between PERP and engagement. The NCA analysis shows all the relationships are significant; however, emotional support is not a necessary condition for PERP. Research limitations/implications By empowering cancer patients and enabling them to meet their emotional and informational needs through OHCs, the study model can aid in the development of solutions that will improve compliance with their treatment in an emerging economic context. The findings indicate the potential chain reaction of social support and PERP in online cancer health communities. This study also contributes to quantifying the social impacts of online healthcare services and how to enhance the healthcare compliance framework. Originality/value This study combines social support and empowerment theory with patient, physician, and technology to provide a fine-grained picture of PERP in OHC. It explains how social support in OHC promotes self-care behaviour. This linkage validation enables readers and the community at large to gain a more nuanced understanding of how social support – through PERP, engagement and trust – enables patient compliance using primary data.

Holistic Information Security Management and Compliance Framework

The growing complexity of cybersecurity threats demands a robust framework that integrates various security domains, addressing the issue of disjointed security practices that fail to comply with evolving regulations. This paper introduces a novel information security management and compliance framework that integrates operational, technical, human, and physical security domains. The aim of this framework is to enable organizations to identify the requisite information security controls and legislative compliance needs effectively. Unlike traditional approaches, this framework systematically aligns with both current and emerging security legislation, including GDPR, NIS2 Directive, and the Artificial Intelligence Act, offering a unified approach to comprehensive security management. The experimental methodology involves evaluating the framework against five distinct risk scenarios to test its effectiveness and adaptability. Each scenario assesses the framework’s capability to manage and ensure compliance with specific security controls and regulations. The results demonstrate that the proposed framework not only meets compliance requirements across multiple security domains but also provides a scalable solution for adapting to new threats and regulations efficiently. These findings represent a significant step forward in holistic security management, indicating that organizations can enhance their security posture and legislative compliance simultaneously through this integrated framework.

Johnny Still Can't Opt-out: Assessing the IAB CCPA Compliance Framework

The privacy laws and regulations that govern the collection, sharing, and selling of online data are changing. In the U.S., California adopted the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), and twelve other U.S. states have adopted similar laws. Industry has responded by developing technical standards for collecting and disseminating consent information, such as the IAB CCPA Compliance Framework. While publishers are adopting this framework and the IAB is extending it to cover privacy laws in other U.S. states, recent work has observed that opt-out signals are not being honored under the framework. In this study, we take a deep dive into the IAB CCPA Compliance Framework to measure end-to-end flows of consent information and better understand why opt-out signals are not being honored. Using data crawled from top websites under different experimental conditions, we examine overall adoption of the framework, the flow of consent information from publishers to third parties and between third parties, and finally the reach of opt-out signals. Our results uncover numerous issues with the adoption and implementation of the framework that prevent users' consent choices from being honored by third parties.

A legal and regulatory compliance framework for maritime operations in Nigerian oil companies

The maritime sector plays a critical role in Nigeria's oil industry, serving as the primary conduit for offshore oil exploration, production, and transportation. As the country remains heavily reliant on its oil revenues, ensuring that maritime operations comply with legal and regulatory standards is crucial for operational safety, environmental sustainability, and economic stability. This review outlines a comprehensive legal and regulatory compliance framework for maritime operations in Nigerian oil companies, focusing on the roles of key regulatory bodies such as the Department of Petroleum Resources (DPR), the Nigerian Maritime Administration and Safety Agency (NIMASA), and the National Environmental Standards and Regulations Enforcement Agency (NESREA). It explores major laws such as the Coastal and Inland Shipping (Cabotage) Act, Petroleum Industry Act (PIA), and Environmental Impact Assessment (EIA) Act, highlighting their implications for offshore drilling, oil transportation, and environmental protection. Additionally, the review discusses the compliance challenges Nigerian oil companies face, including environmental risks, maritime security threats, jurisdictional conflicts, and the technical demands of adhering to safety standards. To address these challenges, the study emphasizes the need for regular audits, technology integration, capacity building, and collaborative engagements between oil companies and regulatory authorities. Through case studies on oil spill response and the enforcement of cabotage laws, the review underscores the importance of robust regulatory enforcement to ensure safety, mitigate environmental damage, and enhance operational efficiency. This framework is essential for the future growth of Nigeria’s oil sector, balancing economic gains with legal compliance and sustainability in maritime operations.

Comprehensive data security and compliance framework for SMEs

Small and Medium-sized Enterprises (SMEs) are increasingly relying on cloud platforms to support critical business operations, making effective disaster recovery (DR) strategies essential for ensuring business continuity. This review proposes a robust disaster recovery framework tailored for SMEs, designed to minimize downtime and data loss in the event of a system failure, cyberattack, or natural disaster. The framework integrates advanced cloud technologies to create a cost-effective, scalable solution that aligns with the resource constraints of SMEs while providing enterprise-grade resilience. Key components of the disaster recovery framework include cloud-based data replication, automated backup solutions, and geo-redundant storage to ensure that data is continuously available and recoverable. This model employs real-time data synchronization and incremental backups to minimize Recovery Point Objectives (RPO), ensuring that critical data is not lost during an unexpected outage. Additionally, the framework leverages automated failover mechanisms to achieve low Recovery Time Objectives (RTO), allowing businesses to restore operations quickly after an interruption. Cloud orchestration tools such as AWS Elastic Disaster Recovery or Azure Site Recovery are utilized to automate disaster recovery processes, reducing manual intervention and improving the speed of recovery. The framework also incorporates regular testing of disaster recovery plans, using simulation tools to identify weaknesses and optimize response times. For SMEs, cost-effectiveness and ease of management are crucial. The framework emphasizes a pay-as-you-go model for cloud resources, allowing businesses to scale their disaster recovery solutions as they grow without incurring excessive upfront costs. By providing continuous monitoring and proactive threat detection, this disaster recovery framework ensures that SMEs can maintain uninterrupted business operations on cloud platforms, thereby enhancing resilience and mitigating the financial and operational risks associated with data loss and system downtime.

Sociological Behaviour and Excise Duty Compliance Nexus: Do Dispute Resolution Mechanisms Matter? Evidence From Alcoholic Beverage Manufacturers in Kenya

Purpose: Despite implementation of several initiatives to improve tax revenue collections, actual tax revenues have fallen short of projected targets. The purpose of the study was to determine the moderating role of dispute resolution mechanisms on the relationship between sociological behaviour and excise duty compliance among alcoholic beverage manufacturers in Nairobi County, Kenya. The study was guided by the theory of planned behaviour and judicial organization and adjective law theory. Methodology: The study employed explanatory research design. The target population of the study was 231 respondents. Primary data was collected through structured questionnaires. Out of 231 issued questionnaires, 185 filled and returned the questionnaires. Results: The study found that sociological behavior had a positive and significant effect on excise duty compliance, β=0.270 and p-value=0.000124<0.05. The study also found that dispute resolution mechanisms moderate and enhance the positive effect of sociological behaviour on excise duty compliance, β=0.113 and p-value of 0.000000<0.05. Conclusion: It is recommended that policymakers should consider and incorporate the theory of planned behaviour into tax compliance frameworks since understanding how sociological behaviour influences tax compliance can inform the development of targeted interventions and policies. It is also recommended that effective and affordable dispute resolution mechanisms should be put in place as they provide clarity and ultimately result in resolution of conflicts arising on account of excise duty thus promoting excise duty compliance. Future studies should be conducted on the effect of tax incentives on excise duty compliance.

The trifecta against financial crime: A collaborative analysis of the roles of banks, consulting firms, and governments

The roles of banks, consulting firms and governments are intertwined in combating financial crime. Banks are on the frontlines as they process financial transactions and engage directly with customers. Banks are extraordinarily strategic because they interface with customers and are heavily involved in handling financial transactions worldwide. They watch accounts for any suspicious activity and report such activities to the legal bodies as expected under AML regulations. Consulting firms help banks, as well as other financial organizations to create various tools for evaluating threats and devising strategies for firms to conform to. They also do training in the area of financial crime prevention. Governments put in place measures in the form of legislation that seeks to prevent and curtail acts such as money laundering, financing of terrorism and tax evasion among others. Materials and Methods: The study’s literature was obtained from electronic databases. Only the articles that investigated the effectiveness and efficiency of anti-money laundering/counter-terrorist financing policies and regulations and/or sources that compared financial institutions’ cooperation with consulting companies and governmental agencies were included. Among the reviewed sources 53 from 1980 till 2023, which included academic books, journal articles, government and international organization reports. Results: The literature shows that relying on the regulation is inadequate for controlling finance related crimes. Banks have a profit-driven culture and it lacks scrupulousness towards integrity risks. For the same purpose, prescriptive regulations increase disproportionate compliance costs for small jurisdictions and financial institutions. Companies seeking risk management services get these from consulting firms that also profit from molding compliance frameworks. Syndication enables the employment of unique features possessed by each party. While the banks have an effective network and reach, the consulting firms can analyze data accurately, and the government has statutory power and control. Discussion: Shifting social norms are another driver: peoples’ behavior in financial markets today is a shift from that of even a decade ago and there is a need to address financial crime in a shared manner and increase cooperation at a global level. To put measures in place, the roles and responsibilities should be well defined based on strengths of each of the entities. Banks are also in good shape for transaction monitoring although they need some regulation to do so. Analyzing the motives for consulting firms, it is possible to state that the provision of technical solutions is possible only if there are factors that guarantee the transparency of actions. Governments provided the blueprint in achieving the proportionate, risk adjusted policies while leaving it to the private sector to drive the processes. This is because we have seen that financial globalization means that nations have to ideally move in synchrony. International agencies such as the UN, FATF, FSB, IMF and others have contributed to the development of international standards, whereas in national situations, the effects vary from one country to another. Conclusion: It can therefore be seen that no single entity can deal with such complicated concepts of transnational financial crimes in isolation. The utilization of the mandated strategies by banks, consulting companies and governments as essential collaborators in tandem with their core competencies is the most useful approach. This triumvirate, therefore, has great potential to add real value to anti-financial crime efficiency when properly aligned and adequately supervised in a manner consistently and holistically operationalized.

Nexus between Environmentally Specific Servant Leadership, Green Knowledge Sharing, Green Capacities, Green Service Innovation, and Green Competitive Advantage in the Hospitality Sector of Pakistan: An SDG & ESG Stakeholder Compliance Framework

Nexus between Environmentally Specific Servant Leadership, Green Knowledge Sharing, Green Capacities, Green Service Innovation, and Green Competitive Advantage in the Hospitality Sector of Pakistan: An SDG & ESG Stakeholder Compliance Framework

Cybersecurity in Healthcare: Securing Patient Health Information (PHI), HIPPA compliance framework and the responsibilities of healthcare providers.

Healthcare industry is major target for cyberattacks, making the protection of public health information (PHI) and Personal Identifiable Information (PII) a prime issue. In this digital era, with health organizations shifting to electronic health records and telemedicine, they are facing a major cybersecurity attack such as ransomware, phishing, and data breaches. These attacks compromise patient privacy, pose serious risks to patient safety, and hinder healthcare operations. The Health Insurance Portability and Accountability Act (HIPAA) provides a comprehensive compliance framework to protect PHI, wherein health providers shall undertake administrative, physical and technical safeguards. Despite these regulations, many healthcare providers struggle with achieving and maintaining HIPAA compliance due to limited resources, outdated technologies, and the rapidly evolving nature of cyber threats. This paper explores the HIPAA compliance framework, examining the specific responsibilities of healthcare providers to secure PHI. Key measures taken include periodic analysis of risks, establishment of encryption and access control systems, and comprehensive employee training to minimize risks of cyber-attacks. The study highlights that there is a growing need for healthcare providers to adopt proactive, adaptive cybersecurity strategies to deal with emerging threats. By following HIPAA regulations and updating security practices continuously, healthcare providers can protect the PHI, ensure regulatory compliance and safeguarding patient trust. The findings emphasize the role of adhering to regulation and innovation both in managing cyber risks for the healthcare sector.

Enhancing Regulatory Compliance to Prevent Errors: Insights from Federal Housing Program Implementation

Purpose: Regulatory compliance is a vital part of governance, ensuring that programs across various sectors are implemented effectively and without errors. This study focuses on the Virginia Beach Housing & Neighborhood Preservation department, examining how it managed the CARES Act and HUD ARPA legislation, two significant federal regulations introduced during challenging times. The integration of these laws into existing local policies presented a range of difficulties, including conflicts, misinterpretations, and delays. This research analyzes those challenges and offers strategies to streamline compliance in future situations. Methodology: To better understand the regulatory hurdles, this study employed a thorough document analysis and compared housing sector compliance issues with those faced in healthcare. Both sectors deal with strict regulations, and non-compliance can have serious consequences. In healthcare, for instance, lapses in compliance can endanger patient safety, while in housing, they can lead to administrative inefficiencies and misuse of resources. By drawing this comparison, the study highlights the broader implications of effective compliance systems across different sectors. Findings: The findings show that regulatory compliance not only helps reduce errors but also enhances overall program performance. The challenges faced by the Virginia Beach Housing & Neighborhood Preservation department serve as an example of the obstacles organizations encounter when implementing new regulations. The solutions proposed in this study offer a clear path for improving compliance systems and reducing operational disruptions. Unique Contribution to Theory, Policy and Practice: Ultimately, this study emphasizes the importance of robust compliance frameworks in ensuring efficient program execution. It argues that proper management of compliance not only mitigates risks but also contributes to better outcomes across various sectors. By offering practical strategies for overcoming compliance challenges, this research adds valuable insights to the field and supports the ongoing development of effective regulatory practices that benefit both organizations and the communities they serve.

Reforming Corporate Compliance Systems in China Under the New Company Law: Lessons from The United States and Japan

This article investigates the construction of an ideal compliance system under China’s new Company Law through a comparative legal analysis. It begins by identifying the existing challenges in China’s compliance framework, particularly the historical dominance of shareholder primacy and the uneven distribution of responsibilities under the previous Company Law. These issues have hindered the development of an effective compliance system, necessitating a reevaluation of corporate governance principles in China. The comparative analysis examines the compliance systems in the United States and Japan, focusing on the frameworks and key elements such as fiduciary duties and the application of the business judgment rule. The study highlights significant differences in how these jurisdictions handle compliance, providing insights into potential improvements for China’s system. This section underscores the importance of adapting international best practices to local contexts to enhance the effectiveness of corporate compliance in China. Finally, the article proposes a dual-level compliance concept tailored to China’s unique legal and corporate environment, integrating both private and public interests. It outlines specific compliance duties for directors, supervisors, and other compliance personnel, emphasizing the need for robust information transmission, whistleblower protections, and temporary management systems. The conclusion calls for a comprehensive and flexible compliance framework that not only ensures corporate profitability but also promotes broader societal welfare, aligning with the evolving goals of corporate governance in China. Keywords: Compliance System, Corporate Governance, Fiduciary Duties, Business Judgment Rule, New Company Law

Factors affecting financial engineering and product development in Islamic Financial Institutions

Purpose This study aims to analyze Islamic financial institutions’ (IFIs) current financial engineering and product development procedures. Design/methodology/approach The paper is quantitative in nature and the survey questionnaire were collected from managers and IF experts working for Islamic Banks, Takaful and other IFIs in Turkey, Malaysia and UAE. Two-stage structural equation modeling was used to test the hypothesis. Findings The findings highlighted that the Shari’ah Supervisory Board, Strategy and Planning of IFIs, Legal and Regulatory framework, pricing of a new product and financial performance positively impact the new product development (NPD) process. At the same time, Islamic values have no significant positive impact. Research limitations/implications When generalizing the research results, data collection from the right departments was the main limitation of the current study. Future research may opt to collect data only from Product Development Departments. Practical implications The findings of this study will allow IFIs to reflect on their present methods, procedures and Shari’ah compliance framework for the NPD process. Originality/value Factors affecting the product development and financial engineering process are discussed in the literature. The findings of this study can be regarded as building blocks for future academic research on product development and financial engineering in Islamic finance.

The use of corrective action frameworks in international fisheries management

Compliance frameworks are important to promoting sustainable management of shared fisheries resources through the robust and transparent assessment of the implementation of conservation measures by States that are party to international agreements. This paper provides a review of existing compliance frameworks, with a special focus on corrective actions to respond to non-compliance in regional fisheries management organisations or arrangements, as well as a selection of multilateral environmental organisations. The analysis of the surveyed schemes of corrective actions identifies common themes and practices, which can provide a foundation on which to support the development of, or refinement of existing, schemes of corrective actions by other international organisations or arrangements.

Proposed Methodology For Indonesian State-Owned Enterprises To Conduct Corporate Spin-Off

This research addresses the absence of a formal framework for compliance with corporate spin-offs within Indonesian state-owned enterprises (SOEs). Focusing on a real issue within a state-owned aviation company, the study proposes a comprehensive methodology for SOEs to navigate spin-offs, ensuring adherence to regulatory requirements. By collecting and interpreting relevant regulations and conducting interviews where guidelines are unclear, the research establishes detailed flowcharts outlining the step-by-step procedure. The suggested solution involves following these flowcharts, considering five critical aspects, including government regulation and business law, to successfully implement spin-offs. It is important to note that the proposed methodology is specific to Indonesian state-owned enterprises and is based on government regulations as of November 2023. Users should adapt the methodology in case of regulatory amendments or new compliance-related issues. The research, however, focuses solely on the steps leading to the commencement of new entity operations and does not extend beyond this phase.

Enhancing digital access and inclusion for SMEs in the financial services industry through Cybersecurity GRC: A pathway to safer digital ecosystems

This research paper explores the enhancement of digital access and inclusion for Small and Medium Enterprises (SMEs) in the financial services industry by implementing Cybersecurity Governance, Risk Management, and Compliance (GRC) frameworks. It begins by analyzing the current state of digital access for SMEs, highlighting the significant benefits of digital transformation, including operational efficiencies, enhanced customer experiences, and new market opportunities. The paper identifies key barriers to digital access, such as cybersecurity risks, regulatory compliance challenges, financial constraints, and the lack of digital expertise. The study then reviews existing initiatives aimed at enhancing digital access for SMEs, including government programs, industry collaborations, cybersecurity awareness and training efforts, and fintech solutions. The paper argues that while these initiatives are beneficial, they often fail without a comprehensive GRC framework to address underlying security and compliance issues. A detailed conceptual model is proposed, comprising digital strategy and planning, a robust cybersecurity framework, effective governance and compliance practices, proactive risk management, continuous training and awareness, technological innovation, and collaboration and partnerships. Each component systematically addresses the identified barriers and facilitates a safer, more inclusive digital ecosystem for SMEs. The implementation of this model is outlined in four phases: initiation, implementation, operational, and evaluation, ensuring a structured approach to digital transformation. The paper concludes with recommendations for SMEs to adopt this model, emphasizing the importance of stakeholder engagement, resource allocation, and continuous evaluation. Keywords: Digital Transformation, SMEs, Cybersecurity, GRC, Financial Services, Digital Access.

From COBIT to ISO 42001: Evaluating cybersecurity frameworks for opportunities, risks, and regulatory compliance in commercializing large language models

This study investigated the integration readiness of four predominant cybersecurity Governance, Risk and Compliance (GRC) frameworks – NIST CSF 2.0, COBIT 2019, ISO 27001:2022, and the latest ISO 42001:2023 – for the opportunities, risks, and regulatory compliance when adopting Large Language Models (LLMs), using qualitative content analysis and expert validation. Our analysis, with both LLMs and human experts in the loop, uncovered potential for LLM integration together with inadequacies in LLM risk oversight of those frameworks. Comparative gap analysis has highlighted that the new ISO 42001:2023, specifically designed for Artificial Intelligence (AI) management systems, provided most comprehensive facilitation for LLM opportunities, whereas COBIT 2019 aligned most closely with the European Union AI Act. Nonetheless, our findings suggested that all evaluated frameworks would benefit from enhancements to more effectively and more comprehensively address the multifaceted risks associated with LLMs, indicating a critical and time-sensitive need for their continuous evolution. We propose integrating human-expert-in-the-loop validation processes as crucial for enhancing cybersecurity frameworks to support secure and compliant LLM integration, and discuss implications for the continuous evolution of cybersecurity GRC frameworks to support the secure integration of LLMs.