IT Compliance Standards and Framework

The IT governance and compliance needs of businesses vary widely. For small businesses, IT governance is often an informal process for the management of services that support the business. For larger companies, IT governance is a framework – a significant set of policies, procedures, and controls – that is applied organization-wide to enforce corporate standards and assure regulatory compliance. Common compliance frameworks include HIPAA, GDPR, CIS, NIST, and more.

A governance framework helps you define and enact standards for disaster recovery, business continuity, online backup, and business resumption processes. iCorps’ experienced and certified professionals can help identify a suitable framework to ensure that you follow policies, procedures, and documentation, then assess, create, and maintain these critical procedures for companies of all sizes. Your IT governance framework helps ensure that you are compliant with the specific regulations that apply to your organization and industry. iCorps’ technical experts can help you enforce governance of the technologies across your organization, including:

Compliance Roadmap

Identify Risk

Compliance starts with visibility. Conduct a 360° Security or Compliance Benchmark assessment.

Incorporate a Framework

Classify data according to the most relevant and restrictive compliance frameworks. Customize controls to meet organization-specific requirements.

Enforce Policies

Maintain data protection and retention policies, monitor user access, and field suspicious activity.

Top Regulatory Compliance Frameworks

GDPR

The EU General Data Protection Regulation (GDPR) is effective as of May 25, 2018. It affects all organizations that hold personal data on EU citizens, regardless of where the organization is based in the world. Implementing a data protection strategy that includes encryption and anti-malware security is vital.

GDPR
HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) applies to any organization that collects, stores or shares protected health info (PHI), including health plans, healthcare clearinghouses, and providers who conduct financial and administrative transactions electronically, like hospitals.

HIPAA
CIS

The CIS Critical Security Controls provide a catalog of prioritized guidelines and steps for resilient cyber defense and information security mitigation approaches. This gives organizations an organized security action plan to stay compliant with major industry regulations like HIPAA, PCI DSS, and more.

CIS
NIST

The National Institute of Standards and Technology Cybersecurity (NIST) framework consists of standards and best practices to manage cyber risk. It was developed with a focus on industries vital to national and economic security, including energy, banking, communications, and the defense industrial base.

NIST
MITRE ATT&CK

The MITRE ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework models cyber adversary behavior, attack lifecycles, and commonly targeted platforms. MITRE provides strategies across disciplines including intrusion detection, threat hunting, security engineering, risk management, etc.

MITRE ATT&CK
PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of twelve security standards to ensure all companies and vendors that accept, process, store, or transmit credit card and financial information secure it to protect cardholders against misuse of their personal information (PII).

PCI DSS
SOX

The Sarbanes-Oxley Act of 2002, aka the Public Company Accounting Reform and Investor Protection Act, responded to a number of major corporate and accounting scandals. All publicly-traded companies are required to comply, and a number of the Act’s provisions apply to privately held companies.

SOX
ISO/IEC 27001

ISO 27001 is an international standard published by the International Standardization Organization (ISO). It provides methodology for business information security management. The focus of ISO 27001 is to protect the confidentiality, integrity, and availability of a company’s information.

ISO/IEC 27001