New FISMA, HIPAA and SOX guidance published by IT Governance

Last month we published fresh guidance on US federal information security laws and regulations, including FISMA, HIPAA and SOX.

Full of useful information, this new guidance explains the legislation and what your organization needs to do to comply.

FISMA: The Federal Information Security Management Act of 2002 (FISMA) >>

This United States federal law requires federal agencies to implement information security programs to ensure the confidentiality, integrity and availability of their information and IT systems, including those provided or managed by other agencies or contractors. Find out more about implementation, compliance, reporting, auditing and penalties for non-compliance here >>

HIPAA: The Health Insurance Portability and Accountability Act of 1996 (HIPAA) >>

HIPAA aims to make it easier for people to keep their health insurance when they change jobs, to protect the confidentiality and security of health care information, and to help the health care industry control its administrative costs. Find out more about the Privacy Rule, the Security Rule, violations and how best to comply here >>


SOX: The Sarbanes-Oxley Act of 2002 (SOX) >>

SOX aims to improve the accuracy and reliability of the financial disclosures made by US public companies, and places obligations on their boards, management and public accounting firms. Find out who it applies to, what its 11 titles cover, guidance for compliance and the penalties here >>


FISMA, HIPAA and SOX are among the most significant pieces of US legislation governing the security of data and, as federal laws, apply across all 50 states. Note that each applies to a different population of organizations: FISMA to federal agencies and the contractors that provide or manage their systems, HIPAA to organizations handling health care information, and SOX to US public companies and their auditors.

The new content from IT Governance offers a unique aggregation of information, including details of the acts, key requirements, penalties, and advice on compliance. To create this content, we used our unique insight into the US data protection industry, primary sources of all the legislation, and various relevant sources. Comparably comprehensive free information is unavailable elsewhere on the web.

In order to support multiple legislative and regulatory requirements at once, many US companies are implementing a robust information security management system (ISMS) aligned to ISO27001, the international information security standard, chosen for its holistic approach to people, processes and technology.

IT Governance’s ISO27001 packaged solutions provide US organizations with a fixed-price combination of products and services that will enable them to implement ISO27001 and achieve effective cyber security. Find out more: