Governance and Regulatory Compliance

Organizations face an ever-increasing list of statutory, regulatory, contractual, and legal compliance obligations.

Learn more about regulatory compliance and which regulations may affect your organization.

Common compliance requirements

In today’s complex regulatory environment, organizations must:

Grapple with the complexities, costs, and overlaps of governance requirements
Comply with a wide range of information-related regulation, from the EU GDPR (General Data Protection Regulation) to GLBA (Gramm-Leach-Bliley Act), HIPAA (Health Insurance Portability and Accountability Act), PIPEDA (Personal Information Protection and Electronic Documents Act) and the CCPA (California Consumer Privacy Act)
Deal with an increasing exposure to rapidly mutating, sophisticated threats to information and information assets, which exploit a diversity of technical vulnerabilities in IT systems as well as loopholes in procedures and employee behavior

Common regulations

The table below lists the most common regulations that organizations have to comply with, the security areas they cover, and their requirements:

Regulations	Who Needs to Comply	Security Areas Covered	Compliance Requirements
HIPAA	US healthcare organizations and partners	Creating, storing and transmitting electronic protected health information	All major best-practice security areas
SOX (Sarbanes–Oxley Act) and accounting standards, COSO, COBIT^®, SAS	US public companies	Defined to secure the public against corporate fraud and misrepresentation	All major best-practice security areas
PCI DSS (Payment Card Industry Data Security Standard)	Merchants that take credit cards, and service providers that facilitate card payments	Privacy of customer financial data	Varies by size of merchant, requires best practices plus third-party assessments
GLBA – Public Law 106–102, FDIC/FFIEC guidelines, FACT Act, Patriot Act (2001)	US financial institutions	Privacy of personal information, safety of Internet-based products and services, fair and accurate credit transactions, anti-terrorism	Best-practice security, 2FA (two-factor authentication), ensure accuracy and safety, identity verification
Breach laws in all US states	Any company storing, accessing, or sharing personal information	Consumer privacy	All major "Best Practices Security" areas
EU GDPR (General Data Protection Regulation)	Any organization processing personal data of EU residents	Personal data	All major best-practice security areas
FISMA (Federal Information Security Management Act)	US federal agencies	Information and IT systems	NIST has developed its six-step RMF (Risk Management Framework) to enable agencies to achieve compliance
CCPA (California Consumer Privacy Act)	Organizations processing information on California residents or doing business in California	Personal data	All major best-practice areas

Achieve compliance with ISO 27001

The international information security management standard, ISO 27001/ ISO 27002 provides a framework for helping organisations manage their data securely according to international best practice.

Find out more about our ISO 27001 solutions >>>