Compliance Management

Compliance Frameworks

PCI Compliance

Created by the Payment Card Industry Security Standards Council (PCI SSC), entails 12 requirements merchants must fulfill in order to process and store cardholder data safely. In order to remain compliant, merchants must build and maintain secure networks, protect cardholder data using vulnerability management programs, implement strong access control measures, regularly test networks and maintain an information security policy.

HIPAA Compliance

HIPAA Compliance refers to a set of security guidelines established by the Health Insurance Portability and Accountability Act of 1996 for protecting patient health data privacy. Organizations handling sensitive patient information like hospitals or insurers must keep it protected from unwarranted access by adopting policies and procedures designed to secure its safe sharing, while regular training on HIPAA regulations must also take place within their organization.

GDPR Compliance

In May 2018 the European Union introduced regulations which safeguard individuals' personal information by setting specific guidelines on how companies collect and use it. These rules apply even if your company or organization is located outside the EU, yet still processes personal data within it - which means any business hosting websites or storing customer data may need to comply with GDPR at some point in the future. To comply with GDPR, businesses must devise a comprehensive privacy policy detailing what types of data you collect, how you store/use/share it and who's accountable for overseeing these practices; in addition to updating consent forms so their explicit permission has been obtained before collecting any personal information from customers.

SOC 2 Compliance

Developed by AICPA (American Institute of Certified Public Accountants), ensures cloud service providers can effectively protect customer's confidential data stored on their systems from being misused, mis-used or disclosed without authorization - such as availability, integrity, confidentiality, privacy & process integrity & reliability. Service Organization Control (SOC) should have implemented appropriate technical & organizational measures & adhered to industry standards in order to achieve SOC 2 Compliance. To do this successfully organizations should implement appropriate policies&procedure and adhere to industry standards so as not to allow unauthorized access, misuse or disclosure of any user data which may cause misuse or disclosure without authorization.

CCPA Compliance

CCPA stands for California Consumer Privacy Act and it outlines consumers' rights when it comes to data privacy & protection. For-profit businesses must abide by CCPA regulations if their gross annual revenue exceeds $25 million; buying or selling 50k consumer records (names email addresses phone numbers etc) within an annual period; or making 50% or more revenue selling consumer personal info. Companies should offer users opt out options from having their info collected & shared as well as delete requests on their website and notify users about changes made regarding users' privacy rights rights rights on their website.

CMMC Compliance

The DoD (Department Of Defense) established the Cybersecurity Maturity Model Certification, or CMMC Compliance. To earn certification an organization must show through documentation and audit evidence that they comply with all relevant regulations applicable to their size/sensitivity of CUI they handle; in addition to having internal processes/policies related to cybersecurity risks management/protection that complement CMMC guidance.

NIST Compliance

National Institute Of Standards And Technology has issued minimum cybersecurity standards which organizations worldwide adhere to for improved protections against cyber attacks such as DDOS Trojans etc. To be NIST compliant organizations must configure systems meeting specific criteria (e.g. encryption protocol strong authentication methods patching etc) while showing proof through implementation evidence audit logs reports etc that all measures implemented reduce threats on protected information assets.

CIS Compliancy

The Centre For Internet Security provides best practice guidelines that measure IT systems against known vulnerabilities & establish baselines to aid in creating defenses against them.