The Top Regulatory Compliance Frameworks for 2018
GDPR. DSS. NIST. These are just some of the acronyms for major regulatory compliance frameworks that organizations need to know today. And with so many arcane acronyms to contend with, it can be hard to keep track of which regulatory frameworks apply to what.
If you’re struggling to keep your compliance rules straight, this article is for you. Keep reading for a list of the most important regulatory compliance frameworks to know for 2018.
The General Data Protection Regulation — better known as GDPR — is the latest and greatest major regulatory compliance framework to debut.
The GDPR, which went into effect in May 2018, is a European Union regulation. However, because its requirements apply broadly, covering in general any organization that does business in the European Union in some way or interacts with European Union citizens, the GDPR matters to many companies outside of the European Union.
The GDPR requirements are too lengthy to detail here, but you can check out some of our other coverage of the GDPR to learn more — including what GDPR means for mainframes and expert GDPR analysis from Paige Bartley.
Credit card information is a pretty sensitive type of data, for reasons that are obvious. The Payment Card Industry Data Security Standard, or PCI DSS, is a regulatory standard developed by credit card companies to help protect cardholder data. It was introduced in 2004.
If you process, store, or transmit credit card data, PCI DSS applies to you.
The National Institute of Standards and Technology, or NIST, has developed what is known as the NIST Cybersecurity Framework, or just NIST for short.
Technically, NIST is not a regulatory framework, but rather a policy framework. In other words, it represents a set of best practices for keeping data secure.
So while you may not be legally required to comply with NIST (unless you are subject to contractual obligations, or to oversight by a particular government agency, based on NIST standards), following the NIST guidelines is a good way to ensure that you are doing your best, in a general sense, to keep data and systems secure.
The Health Insurance Portability and Accountability Act, or HIPAA, is one of the best known regulatory compliance frameworks among consumers in the United States. Introduced in 1996, it sets various standards and requirements regarding health data, among other things.
HIPAA is relatively high-level and was introduced at a time when technology platforms looked very different than they do today (although it has been updated a bit since then). As such, HIPAA does not include much in the way of specific technical requirements for the way health data is secured, and the HIPAA rules are subject to a fair amount of interpretation when it comes to how they should be implemented from a technological perspective.
Still, if you deal with health data in one way or another on any of your IT infrastructures, it’s a good idea to consult with HIPAA technology experts to ensure that you are adhering to best practices for securing and processing that data in ways the authorities would deem HIPAA-compliant.
The 2002 Sarbanes-Oxley Act, or SOX, was introduced in the United States in an effort to combat corporate fraud. The law primarily focuses on regulating the accounting practices and transparency of corporate processes, and does not have any specific technological requirements. However, because the ways in which data is stored and processed are important for ensuring transparency and auditability, any organization that stores data electronically should keep SOX in mind as it designs its data processes.
As you might have guessed from its name, FedRAMP, which is short for Federal Risk and Authorization Management Program, is a regulatory compliance framework that applies to United States federal agencies. It is designed to keep the cloud services and data that those agencies use secure.
This means that, if you work with federal government agencies or help to process their data, you should take FedRAMP requirements into consideration.
View our webcast to learn more about accelerating compliance for your IBM i systems.