Regulatory Compliance Solutions

Information security and data privacy regulations share two common threads. First, you must adopt a set of information security and privacy policies that reduce organizational risk and protect information assets. Second, you must define and document proper roles and responsibilities to ensure that critical security and privacy functions are adopted and managed.

By focusing on international standards for information security and privacy, Information Shield security and privacy products are designed to help organizations achieve a risk-based approach to corporate governance, regardless of industry or geography.

Standards-Based Approach to Regulatory Compliance

Information Shield publications enable compliance with any information security or privacy regulation by providing a best-practices approach to managing information that is based on international standards. Our security policy library is based on ISO 17799 (ISO 27002), the international standard for information security management, and our privacy management toolkit is based on the O.E.C.D. Privacy Principles, the international standard for privacy management. Our publications fit squarely in the model of a "unified" approach to compliance.

Specific Regulations Addressed by Information Shield

While our publications help with any compliance program, we also provide specific information to help enable compliance with a number of security and privacy regulations.

Regulatory Security Policies
"(a) The head of each [Federal] agency shall delegate to the agency Chief Information Officer ensuring that the agency effectively implements and maintains information security policies, procedures, and control techniques;"
- FISMA Section 3534

"A written policy document should be available to all employees responsible for information security"
- ISO 27002 Section 5.1

"(R) Implement reasonable and appropriate policies and procedures to comply with the standards, implementation specifications, or other requirements of this subpart."
- HIPAA Security Final Rule, 164.316 (a) Policies and Procedures

"The bank must have a routine in place for ensuring compliance with a documented set of internal policies, controls and procedures concerning the operational risk management system, which must include policies for the treatment of non-compliance issues."
- Basel II Qualitative Standards, Section 606 (e)

"Integration of a consistent policy management framework is essential. The policy management framework consists of people, roles, processes for identification, development and review, and communication and enforcement mechanisms."
- Chemical Sector Cyber Security Program, Section 5.3.1 Statement of Management Practice