Compliance means conforming to a rule, such as a specification, policy, standard or law. Compliance is centered around the requirements of a third party, such as a government, security framework, or a client's contractual terms, but it also involves protection of your own digital assets. Regulations like HIPAA and SOX, or standards like PCI-DSS or ISO 27001, outline very specific security criteria that a business must meet to be deemed compliant. Privacy compliance is being driven by various data protection regulations around the globe, such as the EU GDPR.
Due to the increasing number of regulations and the need for operational transparency, organizations are increasingly adopting consolidated and harmonized sets of compliance controls. Most companies think of compliance as a necessary evil: it brings laws, constraints, inspections, audits and penalties for those who do not follow the rules, and many of these regulations are mandatory depending on your industry sector and location. Compliance efforts also consume valuable management time, effort and resources. For most organizations, ensuring regulatory compliance is not only a mandated requirement but is becoming more and more challenging, because the requirements are growing more stringent and the regulatory landscape is constantly changing.
Regulations and accrediting organizations vary among fields, with examples such as PCI-DSS and GLBA in the financial industry, FISMA for U.S. federal agencies, HACCP for the food and beverage industry, and the Joint Commission and HIPAA in healthcare. In some cases other compliance frameworks (such as COBIT) or standards (such as those from NIST) inform how to comply with these regulations.