Compliance and Regulation Standards

Depending on the industry and the location in which business is conducted, business owners and managers are legally required to follow certain compliance standards, including GDPR and HIPAA, so as not to incur hefty fines from government entities. Other standards, such as SOC 2 and ISO 27001, are voluntary but can provide significant assurance to stakeholders.

GDPR

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). Since the Regulation applies regardless of where websites are based, it must be heeded by all sites that attract European visitors, even if they don’t specifically market goods or services to EU residents.

The GDPR mandates that EU visitors be given a number of data disclosures. The site must also take steps to facilitate such EU consumer rights as a timely notification in the event of personal data being breached. Adopted in April 2016, the Regulation came into full effect in May 2018, after a two-year transition period.


HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.


COPPA

COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.


ADA

The Americans with Disabilities Act (ADA) became law in 1990. The ADA is a civil rights law that prohibits discrimination against individuals with disabilities in all areas of public life, including jobs, schools, transportation, and all public and private places that are open to the general public. The purpose of the law is to make sure that people with disabilities have the same rights and opportunities as everyone else. The ADA gives civil rights protections to individuals with disabilities similar to those provided to individuals on the basis of race, color, sex, national origin, age, and religion. It guarantees equal opportunity for individuals with disabilities in public accommodations, employment, transportation, state and local government services, and telecommunications. The ADA is divided into five titles (or sections) that relate to different areas of public life.

In 2008, the Americans with Disabilities Act Amendments Act (ADAAA) was signed into law and became effective on January 1, 2009. The ADAAA made a number of significant changes to the definition of “disability.” The changes in the definition of disability in the ADAAA apply to all titles of the ADA, including Title I (employment practices of private employers with 15 or more employees, state and local governments, employment agencies, labor unions, agents of the employer, and joint management-labor committees); Title II (programs and activities of state and local government entities); and Title III (private entities that are considered places of public accommodation).


SOC 2

SOC 2 is a compliance standard for service organizations, created by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. SOC 2 is based on five trust service criteria: security, availability, processing integrity, confidentiality, and privacy.

  • Risk Assessment
  • Gap Assessment


ISO27001
ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.

  • Risk Assessment
  • Gap Assessment
