  • If your business is a merchant or provider organization that handles or stores customer credit card data and related information – you need to abide by the PCI DSS (Payment Card Industry – Data Security Standards) guidelines on building, managing and testing your IT infrastructure.
  • If you work in a US public company or accounting firm, or are becoming part of one through an acquisition or merger – your management needs to certify the integrity and accuracy of financial reporting as required by the SOX (Sarbanes-Oxley) legislation.
  • If your company is a financial institution, the GLBA (Gramm-Leach-Bliley Act) mandates that you have in place a policy to protect information from foreseeable threats to security and data integrity – including a written information security plan.
  • If you work in a Federal agency, or even in a contracting organization that provides services to the Government, you have to document your risk assessment planning and your security event monitoring and triage processes as per FISMA (Federal Information Security Management Act). Further, if your organization has access to and works with classified data, you need to maintain audit records as laid down in the NISPOM (National Industrial Security Program Operating Manual).
  • And of course any employer, medical provider and insurance company in the United States must maintain the privacy and security of protected health information as per HIPAA (Health Insurance Portability and Accountability Act) guidelines.
  • Not in the United States? If you are a banking institution located outside the United States, the Basel II Accord lays down broad recommendations on how your management needs to maintain operational oversight of all financial applications, data and reporting.
While the compliance regulations mentioned above are only illustrative examples, there is a host of other standards that apply based on local, state and national laws in every region and country worldwide:
  • Sarbanes-Oxley
  • GLBA
  • Basel II
  • NERC
  • MA Privacy Law
  • United Kingdom Regulations
  • Germany Regulations
  • Germany – Regulations
  • France Regulations
  • French Regulations