Security and privacy laws, regulations, and compliance: The complete guide

This directory includes laws, regulations and industry guidelines with significant security and privacy impact and requirements. Each entry includes a link to the full text of the law or regulation as well as information about what and who is covered.

Broadly applicable laws and regulations

Sarbanes-Oxley Act (Sarbox, SOX)

Purpose: Enacted in 2002, the Sarbanes-Oxley Act is designed to protect investors and the public by increasing the accuracy and reliability of corporate disclosures. It was enacted after the high-profile Enron and WorldCom financial scandals of the early 2000s. It is administered by the Securities and Exchange Commission, which publishes SOX rules and requirements defining audit requirements and the records businesses should store and for how long.

To whom it applies: US public company boards, management and public accounting firms.

Key points for CISOs: SOX places requirements around maintaining integrity and availability of financial data, and controls for who has access to that data. Specific rules need to be in place for:

  • Access: Who has either physical access to your offices and paper files or electronic access to your data? The law mandates a least-permissive access model, under which employees only have access to what’s needed to do their jobs.
  • Data backup: Financial records must be backed up offsite in ways spelled out by the law.
  • Security: You must demonstrate that you have protected your data against breaches, though the implementation is left up to your discretion within reasonable bounds.
  • Change management: You’ll need to define procedures for adding or changing the databases and software that manage your corporate finances, as well as adding new users to your systems.

Copyright © 2021 IDG Communications, Inc.
