Non-compliance with regulatory or contractual requirements is one of the key risks organizations must consider while implementing and managing IT solutions. There are a multitude of general and vertical-specific regulations that govern how your organization manages personally identifiable information (PII), protected health information (PHI), credit card data, and other confidential information. If you are a publicly traded company, Sarbanes-Oxley (SOX) requirements generally imply effective implementation of a number of security and IT controls to ensure the integrity of your financial records. And, if you are a government entity, or do business with one, there are a large number of potential requirements that may be applicable.
The good news is that while some specifics may vary from regulation to regulation, most are built upon a common set of core principles that can be applied to simultaneously address multiple regulations or contractual provisions. Final Dot can help you understand how to leverage standards such as ITIL, COBIT, ISO 27001/2, NIST 800-53, and others to meet regulations such as:
- The EU General Data Protection Regulation (GDPR)
- State privacy laws
- HIPAA / HITECH
- Sarbanes-Oxley (SOX)
- And others