This is a non-exhaustive list of compliance regulations and standards that may be taken into account in an organization.
The obligation or recommendation to follow these regulations or standards depends on the type of activity and location of the activity of the organization.
List of international IT Security Compliance Regulations and Standards
- Card Payment
- Payment Card Industry Data Security Standard (PCI DSS)
- PA-DSS
- PCI PIN
- Point-to-Point Encryption (P2PE)
- 3-D Secure (3DS)
- Finance
- Service Organization Control (SOC)
- SWIFT Assessment
- IT Systems Management
- ISO/IEC 27001: Information Security Management
- ISO/IEC 27032: Guideline for Cybersecurity
- ISO 22301: Business Continuity
- OWASP SAMM (Software Assurance Maturity Model)
Regional IT Security Compliance Regulations and Standards
Take into account that some regulations (like EU’s GDPR) apply as soon your organization handles information related to this area. In the GDPR example, it is not necessary that you are established within EU to need to abide by this regulation.
USA IT Security Compliance Regulations and Standards
Some of IT Security Compliance Regulations and Standards that are applicable in the USA:
- Data Privacy
- HIPAA (Health Insurance Portability and Accountability Act)
- CCPA (California Consumer Policy Act) – California, USA
- Electrical
- North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)
- Other
- Federal Risk and Authorization Management Program (FedRAMP)
- NIST 800.171 (DIB)
- International Traffic in Arms Regulations (ITAR)
- Internal Revenue Service (IRS) Publication 1075
- Department of Defense (DoD) Impact Level 2 (IL2)
- L4 & L5
- Criminal Justice Information Services (CJIS)
UK IT Security Compliance Regulations and Standards
IT Security Compliance Regulations and Standards that are applicable in the United Kingdom:
- Privacy
- Data Protection Act 2018
- UK General Data Protection Regulation (GDPR)
- Privacy and Electronic Communications (EC Directive) Regulations 2003
The Information Commissioner’s Office (ICO) is the organism within the UK government that legislate most of these regulations.
A Subject Access Request (SAR) is a request made by or on behalf of an individual for the information which they are entitled to ask for under Article 15 of the UK GDPR.
An Organisation Code (ODS) is required for all organizations that work for the NHS.
EU IT Security Compliance Regulations and Standards
IT Security Compliance Regulations and Standards that are applicable in the European Union:
- IT Security
- Network and Information Security (NIS) Directive
- Data Privacy
- General Data Protection Regulation (GDPR) (post)
- Banking
- Revised Payment Service Directive (PSD2)
- Automotive
Spain IT Security Compliance Regulations and Standards
Non-exhaustive list of IT Security Compliance Regulations and Standards that are applicable in Spain:
- IT Security
- Esquema Nacional de Seguridad (ENS)
- Data Privacy
- LOPD (Ley Orgánica de Protección de Datos) – Spain
- Internal Control
- SCIIF / SCIINF
Colombia IT Security Compliance Regulations and Standards
Non-exhaustive list of IT Security Compliance Regulations and Standards that are applicable in Colombia:
- Data Privacy
- Ley 1581/2012 – Colombia
[…] may check this post about popular compliance […]
[…] IT Security Compliance Regulations and Standards […]
[…] IT Securrity Compliance Regulations and Standards […]