Compliance Solutions

Fast track your compliance efforts


1

Healthcare

HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.


2

Payment Industry

PCI DSS

The Payment Card Industry (PCI) Data Security Standard (DSS) is a global information security standard designed to prevent fraud through increased control of credit card data. Organizations of all sizes must follow PCI DSS if they accept payment cards from the five major credit card brands: Visa, MasterCard, American Express, Discover, and the Japan Credit Bureau (JCB). Compliance with PCI DSS is required for any organization that stores, processes, or transmits payment and cardholder data.


3

EU Data

GDPR

The General Data Protection Regulation (GDPR) introduces new rules for organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data for EU residents no matter where you or your enterprise are located. The GDPR gives rights to people to manage personal data collected by an organization. These rights can be exercised through a Data Subject Request (DSR). The organization is required to provide timely information regarding DSRs and data breaches, and perform Data Protection Impact Assessments (DPIAs).


4

Financial Reporting

SOX

The Sarbanes-Oxley Act of 2002 (SOX) is a US federal law administered by the Securities and Exchange Commission (SEC). Among other things, SOX requires publicly traded companies to have proper internal control structures in place to validate that their financial statements reflect their financial results accurately. SOX is heavily influenced by customers' internal processes, especially when it comes to controls for financial reporting. For example, SOX requirements involve internal customer controls for the preparation and review of financial statements, and especially controls that affect accuracy,


5

Children’s Protection

CIPA

The Children's Internet Protection Act (CIPA) was enacted by the US Congress in 2000 to address concerns about children's access to obscene or harmful content over the Internet. CIPA imposes certain requirements on schools or libraries that receive discounts for Internet access or internal connections through the E-rate program, a program that makes certain communications services and products more affordable for eligible schools and libraries. In early 2001, the FCC issued rules implementing CIPA and updated those rules in 2011.

6

California Consumer Privacy

CCPA

The California Consumer Privacy Act (CCPA) is the first comprehensive privacy law in the United States. It provides a variety of privacy rights to California consumers. Businesses regulated by the CCPA will have a number of obligations to those consumers, including disclosures, General Data Protection Regulation (GDPR)-like consumer data subject rights (DSRs), an ‘opt-out’ for certain data transfers, and an ‘opt-in’ requirement for minors.

Featured Solutions

SOX

Financial reporting compliance

Adopt the COBIT control framework and IT-specific efforts towards complying with SOX requirements.

CIPA

Children’s protection compliance

Tools and solutions to help schools and libraries define and establish a CIPA-compliant Internet Safety Policy.

CCPA

California’s privacy compliance

Follow the security best practices with tools to stay within the safety realm of the CCPA compliance checklist.