Compliance Management

Compliance Frameworks

GDPR Compliance

In May 2018 the European Union introduced regulations that safeguard individuals' personal information by setting specific rules on how companies collect and use it. These rules apply even to a company or organization located outside the EU if it processes the personal data of people within the EU, which means any business hosting websites or storing customer data may need to comply with GDPR at some point. To comply with GDPR, a business must devise a comprehensive privacy policy detailing what types of data it collects, how it stores, uses and shares that data, and who is accountable for overseeing these practices; it must also update its consent forms so that customers' explicit permission is obtained before any personal information is collected from them.

CCPA Compliance

CCPA stands for the California Consumer Privacy Act, and it sets out consumers' rights regarding data privacy and protection. A for-profit business must abide by CCPA regulations if its gross annual revenue exceeds $25 million, if it buys or sells 50k consumer records (names, email addresses, phone numbers, etc.) within an annual period, or if it makes 50% or more of its revenue selling consumers' personal information. Companies should offer users the option to opt out of having their information collected and shared, accept deletion requests on their website, and notify users on their website of any changes made to users' privacy rights.

CMMC Compliance

The DoD (Department of Defense) established the Cybersecurity Maturity Model Certification (CMMC). To earn certification, an organization must show through documentation and audit evidence that it complies with all regulations applicable to its size and to the sensitivity of the controlled unclassified information (CUI) it handles, and that it has internal processes and policies for managing and protecting against cybersecurity risks that complement CMMC guidance.

NIST Compliance

The National Institute of Standards and Technology (NIST) has issued minimum cybersecurity standards that organizations worldwide follow to improve their protection against cyber attacks such as DDoS and Trojans. To be NIST compliant, an organization must configure its systems to meet specific criteria (e.g. encryption protocols, strong authentication methods, patching) and must show, through implementation evidence such as audit logs and reports, that all of the measures implemented reduce threats to protected information assets.

CIS Compliance

The Center for Internet Security provides best-practice guidelines that measure IT systems against known vulnerabilities and establish baselines that help organizations build defenses against them.