I.T. Compliance


What is SOX?
 
The Sarbanes-Oxley Act of 2002 is a federal law that established sweeping auditing and financial regulations for public companies.

Lawmakers created the legislation to help protect shareholders, employees and the public from accounting errors and fraudulent financial practices.

What is PCI?

Payment Card Industry (PCI) compliance, for a merchant, means adhering to the set of procedures and policies developed to protect credit and debit card transactions and to prevent the misuse of cardholders' personal information.

Five different programs had been started by card companies:
The intentions of each were roughly similar: to create an additional level of protection for card issuers by ensuring that merchants meet minimum levels of security when they store, process, and transmit cardholder data. To remove the interoperability problems among the existing standards, the combined effort made by the principal credit card organizations resulted in the release of version 1.0 of PCI DSS in December 2004. PCI DSS has been implemented and followed across the globe.

The Payment Card Industry Security Standards Council (PCI SSC) was then formed and these companies aligned their individual policies to create the PCI DSS. MasterCard, American Express, Visa, JCB International and Discover Financial Services established the PCI SSC in September 2006 as an administrative/governing entity which mandates the evolution and development of PCI DSS.

Independent/private organizations can participate in PCI development after proper registration. Each participating organization joins a particular SIG (Special Interest Group) and contributes to the activities which are mandated by the SIG.
 
What is HIPAA?

HIPAA is the acronym for the Health Insurance Portability and Accountability Act that was passed by Congress in 1996.

HIPAA Guidelines:

Provides the ability to transfer and continue health insurance coverage for millions of American workers and their families when they change or lose their jobs;

Reduces health care fraud and abuse;

Mandates industry-wide standards for health care information on electronic billing and other processes; and

Requires the protection and confidential handling of protected health information.

What is GDPR?

The General Data Protection Regulation (GDPR) standardizes data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information (PII).

It also extends the protection of personal data and data protection rights by giving control back to EU residents. GDPR replaces the 1995 EU Data Protection Directive and came into force on May 25, 2018. It also supersedes the 1998 UK Data Protection Act.


More Than Enough?

Regulations, Legislation, Compliance, Assessments, Staffing, Implementation, Documentation, Funding...

...when enough has become more than enough!