IT risks, especially those that involve data and security breaches, are one of the biggest compliance responsibilities faced by organizations today. You only have to witness the fallout of a data breach to understand the impact it can have on a business.
When a cybercriminal manages to infiltrate a network and steal sensitive and confidential data, share prices plummet, brand names are dragged through the mud, CIOs are fired and clients take their custom elsewhere. Just one data breach has the power to bring even the largest organization to its knees.
So, what steps can you take to ensure that your organization complies with the IT and data security regulations affecting your industry? In this article, we take a look at the main compliance frameworks, which exist not only to protect personal data but which can also help you protect your reputation and bottom line.
Defense Federal Acquisition Regulation Supplement (DFARS)
DFARS is a supplement to the Federal Acquisition Regulation (FAR) that requires all Department of Defense (DoD) contractors who transmit, store or process Controlled Unclassified Information (CUI) to comply with its regulatory controls.
General Data Protection Regulation (GDPR)
GDPR came into force in May 2018 and has overhauled the way businesses must handle personal data, specifically the personal data of individuals in the EU (whether or not they are EU citizens). GDPR is fairly complex and consists of 99 articles that detail the rights of individuals and the obligations placed on organizations that process their data. For example, GDPR requires organizations subject to the regulation to make it easier for individuals to find out what information is stored about them, and to establish a lawful basis, such as consent, before processing their data.
Federal Information Security Management Act (FISMA)
FISMA is a federal law that was passed in 2002 and requires federal agencies to develop, implement and document an information security and protection program. Its guidelines and standards were introduced to reduce the risk to federal data and information systems while also tying funding to information security and protection. Since its release, FISMA has been amended (most notably by the Federal Information Security Modernization Act of 2014), and its requirements extend to state agencies that administer federal programs such as Medicare, as well as to any private contractor supplying services to the federal government.
Sarbanes-Oxley Act (SOX)
Also known as the Corporate Responsibility Act, the Sarbanes-Oxley Act was passed in 2002 to protect investors from fraudulent corporate accounting practices. The Act was developed and passed following a spate of accounting scandals, including those at Enron Corporation, WorldCom and Tyco, that shook markets and investor confidence. Because financial reporting depends on the integrity of the systems that produce it, SOX compliance also means demonstrating effective IT controls over financial data, such as access control, change management and audit logging.
Health Insurance Portability and Accountability Act (HIPAA)
HIPAA was signed into United States law in 1996 and provides data security and privacy regulations for safeguarding protected health information (PHI). The law has featured heavily in media and technology publications in recent years due to the steady rise in ransomware and other cyber attacks on the healthcare sector.
Gramm-Leach-Bliley Act (GLBA)
Also known as the Financial Services Modernization Act of 1999, the GLBA was signed into law by President Bill Clinton and restricts how financial institutions may share or sell customers' nonpublic personal financial information. It also requires those institutions to safeguard that information, and it prohibits obtaining private financial information under false pretenses (a practice known as pretexting).