IT Security Compliance Regulations and Standards

This is a non-exhaustive list of compliance regulations and standards that may be taken into account in an organization.

The obligation or recommendation to follow these regulations or standards depends on the type of activity and location of the activity of the organization.

List of international IT Security Compliance Regulations and Standards 

  • Card Payment
    • Payment Card Industry Data Security Standard (PCI DSS)
    • PA-DSS
    • PCI PIN
    • Point-to-Point Encryption (P2PE)
    • 3-D Secure (3DS)
  • Finance
    • Service Organization Control (SOC)
    • SWIFT Assessment
  • IT Systems Management
    • ISO/IEC 27001: Information Security Management
    • ISO/IEC 27032: Guideline for Cybersecurity
    • ISO 22301: Business Continuity
    • OWASP SAMM (Software Assurance Maturity Model)
  • International Trade Management
    • Authorised Economic Operator (AEO) for Customs

Regional IT Security Compliance Regulations and Standards

Take into account that some regulations (like EU’s GDPR) apply as soon your organization handles information related to this area. In the GDPR example, it is not necessary that you are established within EU to need to abide by this regulation.

USA IT Security Compliance Regulations and Standards

Some of IT Security Compliance Regulations and Standards that are applicable in the USA:

  • Data Privacy
    • HIPAA (Health Insurance Portability and Accountability Act)
    • CCPA (California Consumer Policy Act) – California, USA
  • Electrical
    • North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)
  • Other
    • Federal Risk and Authorization Management Program (FedRAMP)
    • NIST 800.171 (DIB)
    • International Traffic in Arms Regulations (ITAR)
    • Internal Revenue Service (IRS) Publication 1075
    • Department of Defense (DoD) Impact Level 2 (IL2)
    • L4 & L5
    • Criminal Justice Information Services (CJIS)

UK IT Security Compliance Regulations and Standards

IT Security Compliance Regulations and Standards that are applicable in the United Kingdom:

  • Privacy
    • Data Protection Act 2018
    • UK General Data Protection Regulation (GDPR)
    • Privacy and Electronic Communications (EC Directive) Regulations 2003

The Information Commissioner’s Office (ICO) is the organism within the UK government that legislate most of these regulations.

A Subject Access Request (SAR) is a request made by or on behalf of an individual for the information which they are entitled to ask for under Article 15 of the UK GDPR.

An Organisation Code (ODS) is required for all organizations that work for the NHS.

EU IT Security Compliance Regulations and Standards

IT Security Compliance Regulations and Standards that are applicable in the European Union:

  • IT Security
    • Network and Information Security (NIS) Directive
  • Data Privacy
    • General Data Protection Regulation (GDPR) (post)
  • Banking
    • Revised Payment Service Directive (PSD2)
  • Automotive

EU agencies:

  • European Banking Authority (EBA)
  • European Insurance and Occupational Pensions Authority (EIOPA)

Germany IT Security Compliance Regulations and Standards

Regulatories agencies in Germany:

  • Federal Office for Information Security (BSI, from the German Bundesamt für Sicherheit in der Informationstechnik)

France IT Security Compliance Regulations and Standards

Non-exhaustive list of IT Security Compliance Regulations and Standards that are applicable in France:

  • Critical Infrastructures
    • Loid de Programmation Militaire (LPM)
  • Point-of-Sale (POS)
    • Certification des Systèmes de Caisse

Regulatory agencies in France:

  • ANSII

Spain IT Security Compliance Regulations and Standards

Non-exhaustive list of IT Security Compliance Regulations and Standards that are applicable in Spain:

  • IT Security
    • ENS (Esquema Nacional de Seguridad)
  • Data Privacy
    • LOPD-GDD (Ley Orgánica de Protección de Datos-Garantía de Derechos Digitales)
  • Internal Control
    • SCIIF / SCIINF (Sistema de Control Interno de la Información Financiera)

Regulatory agencies in Spain:

  • Agencia Española de Protección de Datos (AEPD), Spanish Agency for Data Protection
  • CNMV
  • CNMC
  • Banco de España (BdE), Bank of Spain

Colombia IT Security Compliance Regulations and Standards

Non-exhaustive list of IT Security Compliance Regulations and Standards that are applicable in Colombia:

  • Data Privacy
    • Ley 1581/2012 – Colombia

You might also be interested in…

3 Comments

Leave a Reply

Your email address will not be published. Required fields are marked *