Category Archives: Compliance

The Sarbanes Oxley Act became law in 2002 in the wake of the Enron financial scandal. Its focus is setting rules for the ways that public organizations and accounting firms should handle corporate governance and financial disclosures – it is … Continue reading →

The Gramm-Leach-Bliley Act of 1999 (also known as the Gramm-Leach-Bliley Financial Services Modernization Act or "GLBA") was designed to open up competition in the financial services industry. It applies to all "Financial Service Providers" which includes obvious groups such as … Continue reading →

The Payment Card Industry (PCI) Data Security Standard is a set of comprehensive security requirements that applies to merchants and service providers who process and/or store payment card information. The standard was developed by Visa and MasterCard, and has now … Continue reading →

HIPAA – the Health Insurance Portability and Accountability Act – is federal legislation passed in 1996 that addresses various elements of healthcare in the United States, including health insurance reforms and several other areas not related to privacy or security. … Continue reading →

COBIT (Control Objectives for Information and Related Technology – ISBN 1-933284-37-4) was developed by the Information Systems Audit and Control Association (ISACA), and the IT Governance Institute (ITGI). It’s a much broader standard than ISO 17799 since it applies to … Continue reading →

ISO/IEC 17799:2005(E) ("Information technology – Security techniques – Code of practice for information security management") is a widely-used guide to information security management that reflects accepted best practice, and which is used in businesses and government organizations around the world. … Continue reading →