
Information security is not something you do when you get around to it. Regulations require organizations to protect personal information, and the fines and penalties for failing to do so can be significant.

These regulations, a subset of which is listed below, often result from past data breaches and are usually centered on protecting personally identifiable data such as health information, credit/debit card numbers, email addresses, passwords, financial account information and Social Security numbers. Compliance with regulations is not negotiable and cannot be achieved by simply purchasing a single product right before the auditor arrives. Compliance almost always requires a combination of security products, policies and management commitment. The cost of non-compliance can be devastating to an organization. Risk Based Security can help you be ready by performing an internal compliance review and gap analysis before the auditor shows up.

| Regulation | Who is affected? | What does it cover? |
|---|---|---|
| Sarbanes-Oxley Act (SOX) | Publicly held USA corporations | Accuracy and reliability of corporate disclosures |
| Payment Card Industry Data Security Standard (PCI DSS) (a standard rather than a regulation) | Retailers, credit card companies, credit card data handlers | Security of payment customer account data |
| Gramm-Leach-Bliley Act (GLBA) | Financial institutions handling consumer financial information | Protect consumers' personal financial information |
| Health Insurance Portability and Accountability Act (HIPAA) | Health care providers, health plans, health clearinghouses and business associates | Efficiency and effectiveness of the health care system and the security and privacy of personal health information (PHI) |
| The Health Information Technology for Economic and Clinical Health Act (HITECH) | Health care providers, health plans, health clearinghouses and business associates | Widens the scope of privacy and security protections available under HIPAA, increases the potential legal liability for non-compliance and provides for more enforcement |
| Federal Information Security Management Act (FISMA) | Federal agencies | Implementation of a security program for information and information systems |
| Personal Information Protection and Electronic Documents Act (PIPEDA) | Private-sector companies doing business in Canada | Collecting, using and disclosing personal information |
| Law on the Protection of Personal Data Held by Private Parties (Mexico) | Mexican businesses, as well as any company that operates or advertises in Mexico | Requires organizations to have a lawful basis for collecting, processing, using and disclosing personally identifiable information |
| European Union Data Protection Directive | European businesses, as well as non-European companies to which data is exported (see Safe Harbor Act, below) | Places limits on the collection and use of personal data |
| Safe Harbor Act | U.S. companies doing business in Europe | Transfer of personal data to non-European Union nations |

Helpful Links

| Regulation | Helpful Links |
|---|---|
| Sarbanes-Oxley Act (SOX) | http://www.gpo.gov/fdsys/pkg/PLAW-107publ204/content-detail.html |
| Payment Card Industry Data Security Standard (PCI DSS) | https://www.pcisecuritystandards.org/security_standards/documents.php |
| Gramm-Leach-Bliley Act (GLBA) | http://business.ftc.gov/privacy-and-security/gramm-leach-bliley-act |
| Health Insurance Portability and Accountability Act (HIPAA) | http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/index.html |
| The Health Information Technology for Economic and Clinical Health Act (HITECH) | http://www.hipaasurvivalguide.com/hitech-act-text.php |
| Federal Information Security Management Act (FISMA) | http://csrc.nist.gov/groups/SMA/fisma/ |
| Personal Information Protection and Electronic Documents Act (PIPEDA) | http://www.parl.gc.ca/HousePublications/Publication.aspx?doc=c-6&language=E&parl=36&pub=bill&ses=2 |
| Law on the Protection of Personal Data Held by Private Parties (Mexico) | http://www.dof.gob.mx/nota_detalle.php?codigo=5150631&fecha=05/07/2010 |
| European Union Data Protection Directive | http://ec.europa.eu/justice/data-protection/index_en.htm |
| Safe Harbor Act | http://export.gov/safeharbor/eu/eg_main_018476.asp |

Call 855-RBS-RISK or email [email protected] to arrange your compliance review.
