IT compliance: FAQs about IT operations, regulations and standards

Applying regulatory mandates to IT operations is challenging, even for experienced security and compliance professionals. The FAQs listed below provide more information organized around specific topics -- each list of frequently asked questions is focused on how a given standard, regulation or law affects IT compliance. As we add more FAQs on IT compliance, you'll find them listed below.

Basel III standards

Basel III is a set of standards developed to ensure that internationally active banks maintain adequate capital during periods of economic strain. Learn how the Basel III accord affects you with this FAQ.

Compliance audits

Complying with a growing number of regulations has made IT essential, particularly for automating the processes that handle the information in an organization's possession. As requirements grow, systems that both support IT compliance and can demonstrate to auditors that security and data protection standards have been met are an increasingly critical part of IT operations. This FAQ covers what auditors look for and how IT can produce the evidence they need.

Computer forensics

Computer forensics is perceived as a science rarely used by compliance officers. Not true. Learn more about how it's useful in a number of ways, including risk management.

Computer Fraud and Abuse Act

The Computer Fraud and Abuse Act of 1986 was originally designed to combat hacking, but amendments that dramatically broadened its scope and penalties have drawn some criticism.

E-discovery

A landmark case decided in 2004, Zubulake v. UBS Warburg, broke new ground on the electronic data that must be produced during a lawsuit, a requirement known as electronic discovery, or e-discovery. Since then, the law and practice surrounding the legal obligations for handling e-discovery have continued to evolve. Because the lion's share of corporate information is now stored electronically, e-discovery can be a complicated, time-consuming and expensive process.

Enterprise document management

Compliance with an increasing number of regulations requires a strategy for enterprise document management wherever content crosses an organization's network. Information technologies that facilitate the secure and controlled handling of documents are the foundation of such a strategy. As compliance-related enterprise document management requirements grow, improved document management systems and strategies will become an increasingly critical aspect of IT operations. In this FAQ, you'll find answers and resources to frequently asked questions about the relationship of enterprise document management to IT operations and compliance.

Epsilon security breach

The Epsilon security breach put a spotlight on email regulations, or the lack thereof. In this FAQ, learn what caused the breach, its cost to customers and the potential impact.

FISMA

The Federal Information Security Management Act aims to improve information security by requiring federal agencies to comply with standards. Learn more with this FISMA FAQ.

GARP

Many organizations lack an information governance structure built on defined record-keeping principles that ensure accountability. The Generally Accepted Recordkeeping Principles (GARP) may be your answer.

Google settlement

Google has agreed to a $500 million settlement for illegally assisting online pharmacies via its AdWords program. Here's why the Google settlement could have wider ramifications.

HIPAA

Compliance with the Health Insurance Portability and Accountability Act (HIPAA) requires organizations to implement safeguards and security standards when electronically storing and transmitting protected health information (PHI). HIPAA also mandates standardized electronic formats for patient health, administrative and financial transactions. Learn more about HIPAA requirements, the penalties for noncompliance and other issues in this FAQ.

The HITECH Act

On Feb. 17, 2009, President Barack Obama signed into law the American Recovery and Reinvestment Act (ARRA) of 2009, commonly known as the "stimulus package." In doing so, Obama also made the Health Information Technology for Economic and Clinical Health (HITECH) Act the law of the land, significantly expanding the reach of the Health Insurance Portability and Accountability Act (HIPAA) and its corresponding penalties.

This resource provides answers and resources to frequently asked questions regarding the HITECH Act. As you read the FAQ, you'll learn more about what the act is, where it came from, what it requires and what the role of IT is in achieving and maintaining HITECH compliance.

ISO 31000

Learn more about ISO 31000:2009, a new risk management standard: It's plainly written, short, process-oriented and relevant reading for anyone dealing with risk.

Mobile computing

More mobile computing devices means more security threats. Here are things to consider in adjusting your IT compliance strategy to meet challenges brought by iPhones and the like.

NERC CIP

Under the NERC CIP standards, power generators and suppliers must prove compliance with the critical infrastructure protection provisions by the end of the second quarter. Will you be ready?

PCI DSS

This resource provides answers and resources to frequently asked questions regarding the Payment Card Industry Data Security Standard (PCI DSS). As you read the FAQ, you'll learn more about what the standard is, where it came from, what it requires, who it affects and what the role of IT is in achieving and maintaining compliance.

Sarbanes-Oxley

When it comes to IT operations, the impact of the Sarbanes-Oxley Act (SOX) has been clear and far-reaching. In fact, the cost of complying with SOX has led some companies to go public outside the U.S. capital markets. The Securities and Exchange Commission, which administers SOX, has exempted companies with market capitalizations of less than $75 million from the requirement to have an outside auditor attest to their internal controls over financial reporting. That exemption is currently set to end in December. Should it do so, SOX requirements will extend to the IT departments of many more public companies. Get ready with this FAQ.

Social media policies

Corporate social media policies are designed to protect against employees posting job complaints online, but recent cases show that how labor law treats such rules is fuzzy at best.

Sony PlayStation Network breach

The Sony PlayStation Network security breach affected millions of users. In this FAQ, learn how it was done, and its costs and likely ramifications.

The Volcker Rule

The Volcker Rule portion of the Dodd-Frank Act is designed to rein in high-risk, speculative trading. Here's why it also could influence your compliance program.


This was first published in September 2010