Information Security Policies: Keys to Compliance
Information security and data privacy regulations start with two common threads. First, you must adopt a set of information security and privacy policies that reduce organizational risk and protect information assets. Second, you must define and document proper roles and responsibilities for the security organization to ensure that critical security and privacy functions are adopted and managed.
Standards-Based Approach to Regulatory Compliance
Information Shield publications enable compliance with any information security or privacy regulation by supporting a best-practices approach to managing information security that is based on international standards. Our common security policy library is based on international standards, including ISO 17799 (ISO 27002), the international standard for information security management, and the O.E.C.D. Privacy Principles, the international standard for privacy management. Our publications fit squarely in the model of a “unified” approach to compliance.
IT Security Compliance Made Easy
How do you manage the complexity of your information security program without breaking the bank? ComplianceShield enables any organization to easily manage all information security program requirements in a simple, intuitive program.
Specific Regulations Addressed by Information Shield
While our publications help with any compliance program, we also provide specific information to help enable compliance with a number of security and privacy regulations.
- Financial Services – Gramm-Leach-Bliley Act (GLBA), Sarbanes-Oxley Act (SARBOX), Payment Card Industry Data Security Standard (PCI-DSS).
- Healthcare and Pharmaceuticals – HIPAA (Health Insurance Portability and Accountability Act of 1996) and FDA 21 CFR Part 11.
- Infrastructure and Energy – Guidelines for FERC and NERC Cybersecurity Standards, the Chemical Sector Cyber Security Program and Customs-Trade Partnership Against Terrorism (C-TPAT).
- Federal Government – FISMA (NIST 800-53 Standards) and the NIST Cyber Security Framework (CSF).
- Security Methodologies – We support adoption of security and control frameworks such as ISO 27002 (ISO 27001), COSO and COBIT.
- State Data Protection Laws – MA State Identity Theft Law (201 CMR 17.00).
- Consumer Protection and Data Privacy – Our publications support compliance with all data privacy laws, including:
  a. Children’s Online Privacy Protection Act (COPPA)
  b. Children’s Internet Protection Act (CIPA)
  c. CAN-SPAM – Federal law regarding unsolicited electronic mail.
  d. Bill C-6: Personal Information Protection and Electronic Documents Act (Canada)
  e. California Individual Privacy Senate Bill – SB1386
Compliance with Data Privacy Laws
Need to stay up to date with privacy laws and regulations?