Regulatory compliance is a strong business driver, and it requires that you provide demonstrable proof of conformance, not just a statement that you conform.
Are you prepared?
The Rubicon Advisory Group has worked with many organizations across multiple industries to build and manage programs that address a variety of regulatory compliance requirements.
Regulatory requirement | What it regulates | Organizations affected |
--- | --- | --- |
Payment Card Industry Data Security Standard v3.2 (PCI DSS) | A set of 12 requirements designed to reduce fraud and protect cardholder data. | Any organization that stores, processes or transmits payment card data. |
Sarbanes-Oxley Act (SOX) | Mandates accurate financial reporting and management assessment of internal controls over financial reporting (Section 404), and requires that financial records and audit work papers be retained for seven years. | U.S. public company boards, management, and public accounting firms. |
Federal Information Security Management Act (FISMA) | Recognizes information security as a matter of national security and mandates that every federal agency develop, document and implement a program to protect its information systems. | All federal agencies, and contractors that operate systems on their behalf. |
Health Insurance Portability and Accountability Act (HIPAA) | A two-part act. Title I protects health insurance coverage for people who change or lose their jobs. Title II (Administrative Simplification) moves the healthcare process to electronic data and, through its Privacy and Security Rules, protects the confidentiality of patient health information. | Any organization that stores, processes or transmits protected health information, including but not limited to doctors' offices, insurance companies, business associates, and employers that sponsor health plans. |
Gramm-Leach-Bliley Act (GLBA) | Mandates that organizations safeguard the non-public personal information of clients and customers. | "…companies that offer financial products or services to individuals, like loans, financial or investment advice, or insurance." |
General Data Protection Regulation (GDPR) | Any information relating to a natural person, or 'data subject', that can be used to directly or indirectly identify that person. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites or medical information to a computer's IP address. | The GDPR applies not only to organizations located within the European Union (EU) but also to organizations located outside the EU if they offer goods or services to, or monitor the behavior of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the EU, regardless of the organization's location. |
North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) | Consists of nine (9) standards and 45 requirements covering the security of electronic security perimeters and the protection of critical cyber assets, as well as personnel and training, security management and disaster recovery planning. | Owners and operators of North American power generation and transmission systems. |
If you have questions about any of the regulatory compliance areas listed, or about how we can partner with you to address your compliance requirements, please call us at (855) 4-NO-RISK.