Corporate Regulatory Compliance

Regulatory Compliance Management

Numerous laws and regulatory standards have been enacted to oblige businesses and government agencies to operate with greater accountability and transparency. These laws and regulations require compliance departments to ensure the integrity of the information systems and databases that supply the data for the many compliance reports they must produce. To perform these tasks, the corporate compliance department needs adequate training, suitable compliance software tools, a clear understanding of the environment it manages, and the ability to act quickly on the resources that make up that environment. A range of compliance software and services is available to support compliance with audit standards and methodologies.

HIPAA Regulatory Compliance

HIPAA Compliance

The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal law that requires covered entities in the health care sector (health plans, health care clearinghouses and health care providers) and their business associates to protect patients' health information.

The HIPAA Administrative Simplification regulations establish standards in 3 areas:

  • Privacy: the Privacy Rule governs the use and disclosure of protected health information (PHI)
  • Electronic transactions and code sets: standard formats and code sets for electronic health care transactions
  • Security: the Security Rule requires administrative, physical and technical safeguards to protect the confidentiality, integrity and availability of electronic protected health information (ePHI)

Federal Information Security Management Act - FISMA

Security Compliance

The Federal Information Security Management Act (FISMA) is a United States law that requires federal agencies to secure the information and information systems that support their operations and assets. FISMA assigns to the National Institute of Standards and Technology (NIST) the responsibility for developing the security standards and guidelines that US government agencies must follow. The minimum security requirements are published in Federal Information Processing Standards Publication 200 (FIPS PUB 200), and the catalogue of security controls from which agencies select to meet those requirements is NIST Special Publication 800-53.

Compliance with FISMA is mandated by law to protect the confidentiality, integrity and availability of the information and systems that support the operations and assets of government agencies. The minimum security requirements in FIPS PUB 200 cover 17 security-related areas, each corresponding to a control family in NIST SP 800-53:

  • Access Control
  • Awareness and Training
  • Audit and Accountability
  • Certification, Accreditation and Security Assessments
  • Configuration Management
  • Contingency Planning
  • Identification and Authentication
  • Incident Response
  • Maintenance
  • Media Protection
  • Physical and Environmental Protection
  • Planning
  • Personnel Security
  • Risk Assessment
  • System and Services Acquisition
  • System and Communications Protection
  • System and Information Integrity

PCI Compliance

PCI Data Security Standard

The Payment Card Industry Data Security Standard (PCI DSS), maintained by the PCI Security Standards Council, sets out the security requirements for protecting cardholder data wherever it is stored, processed or transmitted. It is not a law but a contractual obligation imposed by the card brands: every merchant and service provider that stores, processes or transmits payment card data must comply with it.

Credit Card Processing

Among its requirements, the PCI DSS standard requires that organizations:

  • Regularly monitor and test the security of the systems and networks that process cardholder data
  • Track and monitor all access to network resources and cardholder data, and retain the audit logs of that access

PCI Compliant Hosting

Web hosting companies can provide managed hosting services that have been assessed against PCI DSS. A hosting provider can only fulfill the controls that fall within its own scope (for example physical security, network segmentation and host hardening); the merchant remains responsible for the remaining controls, and PCI DSS requires the responsibilities of each party to be documented in writing. When choosing a provider, check that it has been validated as a Level 1 service provider by a Qualified Security Assessor (ask for its current Attestation of Compliance) and that it has experience hosting PCI DSS compliant applications for the various card brands, payment processors and payment gateways. See web hosting reviews for more information on finding managed hosting in a data center that appears on the card brands' lists of validated service providers, such as Visa's Global Registry of Service Providers.

SOX Regulatory Compliance

Sarbanes Oxley Act

The Sarbanes-Oxley Act (SOX) seeks to improve the accuracy and reliability of the financial reporting of publicly listed companies. Company executives, in particular the CEO and CFO, are personally responsible for certifying the company's financial reports, which makes them accountable for the procedures that collect the underlying data and for the integrity of that data.

The Sarbanes-Oxley Act is composed of 11 titles, each with multiple sections that describe specific mandates of the law. SOX compliance has significant implications for the information systems involved in financial reporting. To meet these requirements, companies need compliance software that supports secure and reliable archiving and records management, since the law penalises the alteration or destruction of records.

Specific Sarbanes-Oxley sections related to IT regulatory compliance include:

  • Sarbanes-Oxley section 302: Corporate responsibility for financial reports (CEO and CFO certification of disclosure controls and procedures)
  • Sarbanes-Oxley section 404: Management assessment of internal controls
  • Sarbanes-Oxley section 409: Real time issuer disclosures
  • Sarbanes-Oxley section 802: Criminal penalties for altering or destroying documents

Gramm Leach Bliley Act - GLBA

Gramm Leach Bliley Privacy

The Gramm-Leach-Bliley Act (GLBA) is a United States law that requires financial institutions to protect the nonpublic personal information of their customers.

The companies covered by this Act, including commercial banks, investment banks, securities firms and insurance companies, must follow its privacy and safeguards rules and are required to:

  • Ensure the security and confidentiality of customer information
  • Protect against anticipated threats or hazards to the security or integrity of that information
  • Protect against unauthorised access to, or use of, customer information that could result in substantial harm or inconvenience to the customer

Loi Securite Financiere - French Financial Security Law

Loi Epargne Securite Financiere

The French Financial Security Law (LSF, Loi de Sécurité Financière, law no. 2003-706 of 1 August 2003) requires French companies to make extensive use of internal controls, guided by practical experience and observation, in order to bring greater transparency to financial reporting for company stakeholders, shareholders and investors.

The LSF entrusts the chairman (président) of the company's board with responsibility for the drafting and content of an annual report on the internal control procedures implemented within the company.

Compliance with the LSF consists of 3 steps:

  • Implementation of internal controls
  • Monitoring of the internal control procedures
  • Reporting on the internal control procedures and their compliance