Regulatory Compliance Statements

Regulatory compliance is among the most critical concerns for organizations seeking to identify gaps between their current infrastructure and industry best practices. Organizations put in great effort and invest large amounts of money to ensure that personnel are aware of and take steps to comply with relevant laws and regulations. Regulatory compliance defines a benchmark for IT that drives the most critical IT investment decisions for organizations. Regulatory compliance enforcement is among the most important information security management concerns. Regulatory compliance is a vast domain that contains various standards, frameworks and guidelines for varying degrees of IT security. Security and compliance are assumed to be indispensable for proper protection of information assets. A brief overview of each is as follows.
   

Family Educational Rights and Privacy Act (FERPA)
The federal Family Educational Rights and Privacy Act of 1974 (FERPA) provides a postsecondary student the right to inspect his or her education records and establishes conditions concerning the disclosure of those records to third parties. Although the act does not specifically require that information security be implemented, the protection of electronic student records will require information security covering the student records subject to this federal law....
   

FDA Rule on Electronic Records and Electronic Signatures (21 C.F.R. Part 11)
In 1997, the U.S. Food and Drug Administration (FDA) issued 21 C.F.R. Part 11, which consists of regulations that provide criteria for the acceptance of electronic records. These criteria include specific information security and electronic signature practices. Part 11 applies to electronic records that are ....
   

The Electronic Communications Privacy Act (ECPA)
The Electronic Communications Privacy Act (ECPA) is a United States federal statute that prohibits a third party from intercepting or disclosing communications without authorization. This regulatory compliance standard, which was originally passed as an amendment to the Wiretap Act of 1968, applies to both government employees and private citizens. It protects communications in storage as well as in transit.
   

California Senate Bill No. 1386 Compliance
California Senate Bill No. 1386 became operative July 01, 2003. California is the first state to have an agency dedicated to promoting and protecting the privacy rights of consumers. The Office of Privacy Protection was created by legislation in 2000 and opened in 2001. The mission of this regulatory compliance standard is to identify consumer problems in ...
   

FISMA (Federal Information Security Management Act of 2002)
The FISMA regulatory compliance standard is enforced on federally regulated organizations that contain federally regulated information. The Federal Information Security Management Act of 2002 ("FISMA", 44 U.S.C. § 3541, et seq.) is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002 (Pub.L. 107-347, 116 Stat. 2899). The act recognized the importance of information security to the economic and national security interests...
   

Can-Spam Act of 2003
This regulatory compliance act is becoming extremely important due to the increase in web-based business solutions. Can-Spam Act of 2003 is a commonly used name for the United States federal law more formally known as S. 877 or the "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003." The law took effect on January 1, 2004. The Can-Spam Act allows courts to set damages of up to....
   

The Fair Credit Reporting Act (FCRA)
The Fair Credit Reporting Act (FCRA) is United States federal legislation that promotes accuracy, fairness and privacy for data used by consumer reporting agencies. Consumer reporting agencies include credit bureaus and financial agencies -- such as those that sell information about rental history records
   
Gramm-Leach-Bliley Act (GLBA) Compliance
The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, includes provisions to protect consumers' personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, Safeguards Rule and pretexting...
 
Sarbanes-Oxley Compliance
One of the most famous regulatory compliance standards is the Sarbanes-Oxley Act. The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect...
   
Visa CISP Compliance
Visa CISP requires member service providers to protect cardholder information by maintaining secure transactions. By June 2005, all online merchants processing more than 20,000 transactions per year are to provide a quarterly compliance questionnaire. Failure to do this will result in fines, restrictions or permanent expulsion from card...
   
Payment Card Industry Data Security Standard (PCI DSS)
PCI DSS, which stands for Payment Card Industry Data Security Standard, is another critical regulatory compliance standard. It was developed by the major credit card companies as a guideline to help organizations that process card payments prevent credit card fraud, hacking and various other security issues. A company processing, storing, or transmitting credit card numbers must be PCI DSS compliant or it risks losing the ability to process credit card payments. Merchants and service providers must validate compliance with an audit by a PCI DSS Qualified Security Assessor (QSA) Company.
   
NERC CSS
NERC regulatory compliance standard is a reliability standard that defines the reliability requirements for planning and operating the North American bulk power system. NERC’s ANSI-accredited standards development process is defined in the Reliability Standards Development Procedure and is guided by reliability and market interface principles. The Reliability Functional Model defines the functions that need to be performed to ensure the bulk electric system operates reliably, and is the foundation upon which the reliability standards are based...
   
Standards Australia
Standards Australia is recognized by the Government as Australia's peak Standards body. This regulatory compliance standard coordinates standardization activities, develops internationally aligned Australian Standards® that deliver Net Benefit to Australia, and facilitates the accreditation of other Standards Development Organizations. Through the Australian International Design Awards it promotes excellence in design and innovation
   
Data Protection Act 1998 (UK)
The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. This regulatory standard is a main piece of legislation that governs the protection of personal data in the UK. Although the Act does not mention privacy, in practice it provides a way in which individuals can control information about themselves. Most of the ...
   
Personal Information Protection and Electronic Documents Act (“PIPEDA”)
The Personal Information Protection and Electronic Documents Act (“PIPEDA”) was introduced in 2001 to protect Canadians from inappropriate collection, use and disclosure of their personal data by organizations in the course of commercial activities. Five years later, the future of the PIPEDA regulatory standard is still ambiguous. It is not clear to what extent organizations are in fact respecting the legislation. This study was designed to shed some light on that question, by assessing the compliance of retailers with certain key provisions of PIPEDA.
   
European Union’s DPD
The European Union is based on the respect for fundamental rights. Article 8 of the Charter of Fundamental Rights of the European Union expressly recognizes the fundamental right to the protection of personal data. In order to remove potential obstacles to the flows of Personal Data and to ensure a high level of protection within the EU, data protection legislation has been...
   
EC Directive
The Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data) is a European Union directive which regulates the processing of personal data within the European Union. It is an important component of EU privacy and human rights law. The directive was implemented in 1995 by the European Commission.
   
American Express Compliance
American Express Compliance has defined Do's and Don'ts for data security, as described below, which American Express requires its merchants to follow in order to stay in compliance with the standard set forth.
   
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA is the United States Health Insurance Portability and Accountability Act of 1996. This regulatory standard seeks to establish standardized mechanisms for electronic data interchange (EDI), security, and confidentiality of all healthcare-related data. There are two sections to the Act. HIPAA Title I deals with protecting health insurance coverage for people who lose or change jobs. HIPAA Title II includes...
   
The Children's Online Privacy Protection Act
The Children's Online Privacy Protection Act (COPPA) is a law created to protect the privacy of children under 13. The Act was passed by the U.S. Congress in 1998 and took effect in April 2000. COPPA is managed by the Federal Trade Commission (FTC).
   
Copyright © 2010 Secure Bytes Inc. All rights reserved.