Compliance and Regulation Standards

Depending on the industry and the location where business is done, business owners and managers are legally required to follow certain compliance standards, including GDPR and HIPAA, so as not to receive hefty fines from government entities. Other standards, such as SOC 2 and ISO 27001, are voluntary but can provide significant assurance to stakeholders.

GDPR

The General Data Protection Regulation (GDPR) is a legal framework that sets guidelines for the collection and processing of personal information from individuals who live in the European Union (EU). Since the Regulation applies regardless of where websites are based, it must be heeded by all sites that attract European visitors, even if they don’t specifically market goods or services to EU residents.

The GDPR mandates that EU visitors be given a number of data disclosures. The site must also take steps to facilitate such EU consumer rights as a timely notification in the event of personal data being breached. Adopted in April 2016, the Regulation came into full effect in May 2018, after a two-year transition period.


HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.


COPPA

COPPA imposes certain requirements on operators of websites or online services directed to children under 13 years of age, and on operators of other websites or online services that have actual knowledge that they are collecting personal information online from a child under 13 years of age.


ADA

The Americans with Disabilities Act (ADA) became law in 1990. The ADA is a civil rights law that prohibits discrimination against individuals with disabilities in all areas of public life, including jobs, schools, transportation, and all public and private places that are open to the general public. The purpose of the law is to make sure that people with disabilities have the same rights and opportunities as everyone else. The ADA gives civil rights protections to individuals with disabilities similar to those provided to individuals on the basis of race, color, sex, national origin, age, and religion. It guarantees equal opportunity for individuals with disabilities in public accommodations, employment, transportation, state and local government services, and telecommunications. The ADA is divided into five titles (or sections) that relate to different areas of public life.

In 2008, the Americans with Disabilities Act Amendments Act (ADAAA) was signed into law and became effective on January 1, 2009. The ADAAA made a number of significant changes to the definition of “disability.” The changes in the definition of disability in the ADAAA apply to all titles of the ADA, including Title I (employment practices of private employers with 15 or more employees, state and local governments, employment agencies, labor unions, agents of the employer, and joint management-labor committees); Title II (programs and activities of state and local government entities); and Title III (private entities that are considered places of public accommodation).


SOC 2

SOC 2 is a compliance standard for service organizations, created by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. SOC 2 is based on five criteria: security, availability, processing integrity, confidentiality, and privacy.

  • Risk Assessment
  • Gap Assessment


ISO27001
ISO/IEC 27001 is widely known, providing requirements for an information security management system (ISMS), though there are more than a dozen standards in the ISO/IEC 27000 family. Using them enables organizations of any kind to manage the security of assets such as financial information, intellectual property, employee details or information entrusted by third parties.

  • Risk Assessment
  • Gap Assessment
