Governance and Regulatory Compliance

Organizations face an ever-increasing list of statutory, regulatory, contractual, and legal compliance obligations.

Learn more about regulatory compliance and which regulations may affect your organization.

Common compliance requirements

In today’s complex regulatory environment, organizations must:

Common regulations

The table below lists the most common regulations that organizations have to comply with, the security areas they cover, and their requirements:


| Regulation | Who Needs to Comply | Security Areas Covered | Requirements |
| --- | --- | --- | --- |
|  | US healthcare organizations and partners | Creating, storing and transmitting electronic protected health information | All major best-practice security areas |
| SOX (Sarbanes–Oxley Act) and accounting standards, COSO, COBIT®, SAS | US public companies | Defined to secure the public against corporate fraud and misrepresentation | All major best-practice security areas |
| PCI DSS (Payment Card Industry Data Security Standard) | Merchants that take credit cards, and service providers that facilitate card payments | Privacy of customer financial data | Varies by size of merchant; requires best practices plus third-party assessments |
| GLBA – Public Law 106–102, FDIC/FFIEC guidelines, FACT Act, Patriot Act (2001) | US financial institutions | Privacy of personal information, safety of Internet-based products and services, fair and accurate credit transactions, anti-terrorism | Best-practice security, 2FA (two-factor authentication), ensuring accuracy and safety, identity verification |
| Breach laws in all US states | Any company storing, accessing, or sharing personal information | Consumer privacy | All major best-practice security areas |
| EU GDPR (General Data Protection Regulation) | Any organization processing personal data of EU residents | Personal data | All major best-practice security areas |
| FISMA (Federal Information Security Management Act) | US federal agencies | Information and IT systems | NIST has developed its six-step RMF (Risk Management Framework) to enable agencies to achieve compliance |
| CCPA (California Consumer Privacy Act) | Organizations processing information on California residents or doing business in California | Personal data | All major best-practice security areas |

Achieve compliance with ISO 27001

ISO 27001/ISO 27002, the international information security management standard, provides a framework that helps organisations manage their data securely in line with international best practice.

Find out more about our ISO 27001 solutions

Speak to an expert

For more information about our products and services, speak to one of our experts today.