
Compliance

Enterprises must comply with a raft of regulations and standards, listed below by region.

Global regulations and standards include:

International Financial Reporting Standards (IFRS)
ISO17799 (ISO 17799) Information Security Management System. 
ISO10181 (ISO 10181) Authentication and Access Control.
ISO15489 (ISO 15489) Records Management
expected: ISO Legal Codes of Practice for the Management of Fixed Content Data
BIP0008 - Code of Practice for Legal Admissibility of Information Stored Electronically

UK - regulations and standards include:

Data Protection Act 1998
Freedom of Information Act 2000 (aka FOI or FOIA)
Financial Services & Markets Act 2000
Electronic Communications Act 2000
BS7799-2:2002 (BS 7799) Information Security Management System. Also global standard ISO17799 (ISO 17799)
BS10181 (BS 10181) Authentication and Access Control. Also global standard ISO10181 (ISO 10181)
Enterprise Act 2002

EU - regulations and standards include:

The Privacy and Electronic Communications (EC Directive) Regulations 2003 (e-Privacy Directive)
Basel II Capital Accord
Human Rights Act 1998
Electronic Signature Directive
EDI Directive
e-Commerce Directive
MoReq - Model Requirements for the Management of Electronic Records

US - regulations and standards include:

SB 1386 - (SB1386) California legislation, signed into law in September 2002, requires all institutions and organizations that collect certain personal information to protect it against possible "identity theft." In addition, if an incident occurs that involves the compromise of personal information, the individuals whose personal information may have been compromised must be notified, and the designated campus authority must notify the Office of the President. IS-3 subsection IV.D describes the requirements that must be met in order to be compliant with law and UC policy. Required protections and notification procedures are to be in place by July 1, 2003.
HIPAA - Health Insurance Portability and Accountability Act 1996
HL7 is a standard for the healthcare industry.
Sarbanes-Oxley Act aka SOX Act. Officially titled the “Public Company Accounting Reform and Investor Protection Act of 2002”, signed into law on 30 July 2002.
PATRIOT Act aka USAPA. The official title is "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001."
SEC & NASDAQ regulations - SEC 17a-3, the requirement to make records, and SEC 17a-4, the requirement to keep records, are most relevant. Specific rules surrounding retention, non-rewritable storage, and ease of retrieval and viewing are highlighted by 17a-4. NASD 3010 and 3110 refer to and inherit the same requirements of 17a-3 and 17a-4 as applied to the NASD, demanding the creation of policies and retention of reviewable customer records and transaction data.
Gramm-Leach-Bliley Act aka GLB. Officially titled the “Financial Services Modernization Act of 1999”, it repealed the Glass-Steagall Act, opening up competition among banks, securities companies and insurance companies.

Canada - regulations and standards include:

Personal Information Protection and Electronic Documents Act (PIPEDA) 2000 - An Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions and by amending the Canada Evidence Act, the Statutory Instruments Act and the Statute Revision Act.

 

 

