Multiple compliance targets are a headache and compliance management as a discipline is not well recognised in the UK. Prioritisation of effort is not defined and security standards are under used and too simplistic. In this talk, Gareth Watkin-Jones will propose a new approach of tagging controls in standards according to their regulatory relevance. This leads to easier reporting and prioritisation of multi-regulatory controls.