⚖️ Regulatory Compliance Standards: At a Glance
In an increasingly regulated digital landscape, understanding and aligning with key cybersecurity and data protection standards is essential for organisations of all sizes. Below is a summary of major regulatory and compliance frameworks relevant to IT, data security, and cloud infrastructure professionals. Note that the table mixes laws (GDPR, HIPAA, SOX, FISMA, CCPA/CPRA, DORA), contractual standards (PCI DSS), voluntary frameworks (NIST CSF), certifiable standards (ISO/IEC 27001), attestation reports (SOC 1/SOC 2) and procurement programmes (FedRAMP, CMMC); which ones apply to you depends on where you operate, what data you handle and who your customers are.
📄 Index of Key Compliance Standards
Acronym | Full Name | Scope / Industry | Purpose |
---|---|---|---|
GDPR | General Data Protection Regulation (Regulation (EU) 2016/679) | EU/EEA; extraterritorial | Governs collection and processing of personal data of individuals in the EU/EEA. Also binds organisations outside the EU that offer goods or services to, or monitor the behaviour of, people in the EU. |
HIPAA | Health Insurance Portability and Accountability Act | US covered entities (providers, health plans, clearinghouses) and their business associates | Privacy Rule governs use and disclosure of Protected Health Information (PHI); Security Rule mandates administrative, physical and technical safeguards for electronic PHI (ePHI). |
SOX | Sarbanes-Oxley Act | US public companies (and their auditors) | Deters financial fraud; Section 404 requires management to assess internal control over financial reporting (ICFR), which brings IT general controls such as access and change management into audit scope. |
PCI DSS | Payment Card Industry Data Security Standard (maintained by the PCI Security Standards Council) | Any entity that stores, processes or transmits cardholder data: merchants, processors, acquirers, service providers | Contractual (not statutory) standard that protects cardholder data and sensitive authentication data to reduce payment card fraud. |
NIST CSF | National Institute of Standards and Technology Cybersecurity Framework | Originally US critical infrastructure; voluntary and now adopted across sectors worldwide | Provides a risk-based structure for improving cybersecurity posture, organised into the functions Govern, Identify, Protect, Detect, Respond and Recover (CSF 2.0). |
ISO/IEC 27001 | Information security, cybersecurity and privacy protection: Information security management systems (requirements) | Global, cross-sector; certifiable | Specifies requirements for establishing, operating and continually improving an Information Security Management System (ISMS), with a reference set of controls in Annex A. |
FISMA | Federal Information Security Management Act (2002), updated by the Federal Information Security Modernization Act (2014) | US federal agencies and their contractors | Mandates agency-wide information security programmes, implemented through NIST standards and guidance (FIPS 199/200, SP 800-53). |
CCPA / CPRA | California Consumer Privacy Act / California Privacy Rights Act | For-profit businesses handling personal information of California residents that meet the statutory thresholds | Gives consumers rights over their personal information (access, deletion, opt-out of sale or sharing). Often compared with GDPR, but it is state law rather than a US federal equivalent. |
DORA | Digital Operational Resilience Act (Regulation (EU) 2022/2554) | EU financial entities and their critical ICT third-party providers; applies from 17 January 2025 | Sets requirements for ICT risk management, incident reporting, digital operational resilience testing and third-party risk management in the financial sector. |
SOC 1 & SOC 2 | System and Organisation Controls reports (AICPA) | Service organisations, notably SaaS and cloud providers | Independent attestation reports. SOC 1 covers controls relevant to customers' financial reporting; SOC 2 assesses controls against the Trust Services Criteria: security, availability, processing integrity, confidentiality and privacy. Type I reports on design at a point in time; Type II also tests operating effectiveness over a period. |
FedRAMP | Federal Risk and Authorization Management Program | Cloud service providers serving US federal agencies | Standardises security assessment, authorisation and continuous monitoring of cloud services for federal use, using NIST SP 800-53 baselines at Low, Moderate and High impact levels. |
CMMC | Cybersecurity Maturity Model Certification | US Department of Defense contractors and subcontractors | Verifies that contractors meet cybersecurity requirements (largely NIST SP 800-171) to protect Federal Contract Information and Controlled Unclassified Information (CUI). |