Regulatory Compliance Statements

Regulatory compliance is among the most critical concerns for organizations, because it identifies the gap between their current infrastructure and industry best practices. Organizations invest great effort and large amounts of money to ensure that personnel are aware of, and take steps to comply with, the relevant laws and regulations. Regulatory compliance defines benchmarks for IT that drive many of an organization's most critical IT investment decisions, and its enforcement is among the most important information security management concerns. It is a vast domain that contains various standards, frameworks and guidelines covering varying degrees of IT security; security and compliance together are indispensable for the proper protection of information assets. A brief overview of the major regulations and standards follows.
American Express Regulatory Compliance

American Express has defined a set of Do's and Don'ts for data security, described below, which American Express requires its merchants to follow in order to stay in compliance with the standard it has set forth.
California Senate Bill No. 1386 Regulatory Compliance

California Senate Bill No. 1386 became operative on July 1, 2003. California is the first state to have an agency dedicated to promoting and protecting the privacy rights of consumers: the Office of Privacy Protection was created by legislation in 2000 and opened in 2001. The mission of this office is to identify consumer problems in ...
Can-Spam Act of 2003 Regulatory Compliance

This act is becoming increasingly important with the growth of web-based business. "CAN-SPAM Act of 2003" is the commonly used name for the United States federal law more formally known as S. 877, the "Controlling the Assault of Non-Solicited Pornography and Marketing Act of 2003." The law took effect on January 1, 2004. The CAN-SPAM Act allows courts to set damages of up to ...
Data Protection Act 1998 (UK) Regulatory Compliance

The Data Protection Act 1998 (DPA) is a United Kingdom Act of Parliament which defines UK law on the processing of data about identifiable living people. It is the main piece of legislation governing the protection of personal data in the UK. Although the Act does not mention privacy, in practice it provides a way for individuals to control information about themselves. Most of the ...
EC Directive Regulatory Compliance

The Data Protection Directive (officially Directive 95/46/EC on the protection of individuals with regard to the processing of personal data and on the free movement of such data) is a European Union directive which regulates the processing of personal data within the European Union. It is an important component of EU privacy and human rights law. The directive was adopted in 1995 and is transposed into the national law of each member state.
FISMA (Federal Information Security Management Act of 2002) Regulatory Compliance

FISMA applies to federal agencies and to organizations that hold or process federal information on their behalf. The Federal Information Security Management Act of 2002 ("FISMA", 44 U.S.C. § 3541, et seq.) is a United States federal law enacted in 2002 as Title III of the E-Government Act of 2002 (Pub.L. 107-347, 116 Stat. 2899). The act recognized the importance of information security to the economic and national security interests ...
FDA Rule on Electronic Records and Electronic Signatures (21 C.F.R. Part 11) Regulatory Compliance

In 1997, the U.S. Food and Drug Administration (FDA) issued 21 C.F.R. Part 11, a set of regulations that provide the criteria under which electronic records and electronic signatures are accepted as equivalent to paper records and handwritten signatures. These criteria include specific information security and electronic signature practices. Part 11 applies to electronic records that are ...
Family Educational Rights and Privacy Act (FERPA) Regulatory Compliance

The federal Family Educational Rights and Privacy Act of 1974 (FERPA) gives a postsecondary student the right to inspect his or her education records and establishes conditions governing the disclosure of those records to third parties. Although the act does not explicitly require information security controls, protecting electronic student records in practice requires information security covering every record subject to this federal law ...
Gramm-Leach-Bliley Act (GLBA) Regulatory Compliance

The Financial Modernization Act of 1999, also known as the "Gramm-Leach-Bliley Act" or GLB Act, includes provisions to protect consumers' personal financial information held by financial institutions. There are three principal parts to the privacy requirements: the Financial Privacy Rule, the Safeguards Rule and the pretexting ...
Health Insurance Portability and Accountability Act (HIPAA) Regulatory Compliance

HIPAA is the United States Health Insurance Portability and Accountability Act of 1996. It seeks to establish standardized mechanisms for electronic data interchange (EDI), security and confidentiality of all healthcare-related data. There are two main sections to the Act. HIPAA Title I deals with protecting health insurance coverage for people who lose or change jobs. HIPAA Title II includes ...
NERC CSS Regulatory Compliance

The NERC standards are reliability standards that define the requirements for planning and operating the North American bulk power system. NERC's ANSI-accredited standards development process is defined in the Reliability Standards Development Procedure and is guided by reliability and market interface principles. The Reliability Functional Model defines the functions that must be performed to ensure the bulk electric system operates reliably, and is the foundation upon which the reliability standards are based ...
Payment Card Industry Data Security Standard (PCI DSS) Regulatory Compliance

PCI DSS stands for Payment Card Industry Data Security Standard, another critical compliance standard. It was developed by the major card brands to help organizations that process card payments prevent card fraud, hacking and various other security issues. A company that processes, stores or transmits cardholder data must be PCI DSS compliant or it risks fines and the loss of its ability to process card payments. Merchants and service providers must validate their compliance; the form of validation depends on transaction volume, with the largest merchants and service providers undergoing an on-site assessment by a PCI DSS Qualified Security Assessor (QSA) company and smaller ones completing a Self-Assessment Questionnaire.
Personal Information Protection and Electronic Documents Act ("PIPEDA") Regulatory Compliance

The Personal Information Protection and Electronic Documents Act ("PIPEDA") came into force in 2001 to protect Canadians from inappropriate collection, use and disclosure of their personal data by organizations in the course of commercial activities. Several years on, the practical effect of PIPEDA is still ambiguous: it is not clear to what extent organizations actually respect the legislation, and assessments of retailers' compliance with its key provisions have been used to shed light on that question.
Sarbanes-Oxley Regulatory Compliance

One of the best-known compliance standards is the Sarbanes-Oxley Act. The Sarbanes-Oxley Act of 2002 (often shortened to SOX) is legislation enacted in response to the high-profile Enron and WorldCom financial scandals to protect ...
The Electronic Communications Privacy Act (ECPA) Regulatory Compliance

The Electronic Communications Privacy Act (ECPA) is a United States federal statute that prohibits a third party from intercepting or disclosing communications without authorization. The act, originally passed as an amendment to the Wiretap Act of 1968, applies to both government employees and private citizens. It protects communications in storage as well as in transit ...
The Fair Credit Reporting Act (FCRA) Regulatory Compliance

The Fair Credit Reporting Act (FCRA) is United States federal legislation that promotes accuracy, fairness and privacy for data used by consumer reporting agencies. Consumer reporting agencies include credit bureaus and financial agencies, such as those that sell information about rental history records ...
The Children's Online Privacy Protection Act Regulatory Compliance

The Children's Online Privacy Protection Act (COPPA) is a law created to protect the online privacy of children under 13. The Act was passed by the U.S. Congress in 1998 and took effect in April 2000. COPPA is enforced by the Federal Trade Commission (FTC).
Visa CISP Regulatory Compliance

Visa's Cardholder Information Security Program (CISP) requires member service providers to protect cardholder information by maintaining secure transactions. By June 2005, all online merchants processing more than 20,000 transactions per year were required to submit a quarterly compliance questionnaire. Failure to do so results in fines, restrictions or permanent expulsion from card ...