IT Compliance with Regulations is part of IT Security Compliance. You can read a more general post about this topic on this post.
This is a non-exhaustive list of compliance regulations and standards that may be taken into account in an organization.
The obligation or recommendation to follow these regulations or standards depends on the type of activity and location of the activity of the organization.
Regulations related to IT Security Compliance by Country
Take into account that some regulations (like EU’s GDPR) apply as soon your organization handles information related to this area. In the GDPR example, it is not necessary that you are established within EU to need to abide by this regulation.
USA IT Security Compliance Regulations and Standards
Some of IT Security Compliance Regulations and Standards that are applicable in the USA:
- Data Privacy
- HIPAA (Health Insurance Portability and Accountability Act)
- CCPA (California Consumer Policy Act) – California, USA
- Electrical
- North American Electric Reliability Corporation (NERC) Critical Infrastructure Protection (CIP)
- Other
- Federal Risk and Authorization Management Program (FedRAMP)
- NIST 800.171 (DIB)
- International Traffic in Arms Regulations (ITAR)
- Internal Revenue Service (IRS) Publication 1075
- Department of Defense (DoD) Impact Level 2 (IL2)
- L4 & L5
- Criminal Justice Information Services (CJIS)
UK IT Security Compliance Regulations and Standards
IT Security Compliance Regulations and Standards that are applicable in the United Kingdom:
- Privacy
- Data Protection Act 2018
- UK General Data Protection Regulation (GDPR)
- Privacy and Electronic Communications (EC Directive) Regulations 2003
The Information Commissioner’s Office (ICO) is the organism within the UK government that legislate most of these regulations.
A Subject Access Request (SAR) is a request made by or on behalf of an individual for the information which they are entitled to ask for under Article 15 of the UK GDPR.
An Organisation Code (ODS) is required for all organizations that work for the NHS.
EU IT Security Compliance Regulations and Standards
IT Security Compliance Regulations and Standards that are applicable in the European Union:
- IT Security
- Network and Information Security (NIS) Directive
- CER
- DORA
- Data Privacy
- General Data Protection Regulation (GDPR) (post)
- Banking
- Revised Payment Service Directive (PSD2)
- Automotive
- UNECE/R155 (post)
EU agencies:
- European Banking Authority (EBA)
- European Insurance and Occupational Pensions Authority (EIOPA)
Germany IT Security Compliance Regulations and Standards
Regulatories agencies in Germany:
- Federal Office for Information Security (BSI, from the German Bundesamt für Sicherheit in der Informationstechnik)
France IT Security Compliance Regulations and Standards
Non-exhaustive list of IT Security Compliance Regulations and Standards that are applicable in France:
- Critical Infrastructures
- Loid de Programmation Militaire (LPM)
- Point-of-Sale (POS)
- Certification des Systèmes de Caisse
Regulatory agencies in France:
- ANSII
Spain IT Security Compliance Regulations and Standards
Non-exhaustive list of IT Security Compliance Regulations and Standards that are applicable in Spain:
- IT Security
- ENS (Esquema Nacional de Seguridad)
- Data Privacy
- LOPD-GDD (Ley Orgánica de Protección de Datos-Garantía de Derechos Digitales)
- Finance
- SCIIF / SCIINF (Sistema de Control Interno de la Información Financiera)
Regulatory agencies in Spain:
- Agencia Española de Protección de Datos (AEPD), Spanish Agency for Data Protection
- CNMV
- CNMC
- Banco de España (BdE), Bank of Spain
Colombia IT Security Compliance Regulations and Standards
Non-exhaustive list of IT Security Compliance Regulations and Standards that are applicable in Colombia:
- Data Privacy
- Ley 1581/2012 – Colombia
You might also be interested in…
External References
- The Hacker News; “Essential Guides to Cybersecurity Compliance“
[…] may check this post about popular compliance […]
[…] IT Security Compliance Regulations and Standards […]
[…] IT Securrity Compliance Regulations and Standards […]