Data Security Regulations - Organizational Frameworks and Guidelines

Control Objectives for Information and related Technology (COBIT)

While not a regulation, the Control Objectives for Information and related Technology (COBIT) is a set of best practices for IT management created by the Information Systems Audit and Control Association and the IT Governance Institute in 1992. COBIT is designed to provide IT managers, auditors and users with a set of generally accepted measures, indicators, processes and best practices that help them maximize the benefits derived from information technology and develop appropriate IT governance and control in a company. COBIT’s Audit Guidelines outline and suggest concrete activities to be performed for each of the 34 high-level IT control objectives, and describe the risk of each control objective not being met. Public companies that are subject to the U.S. Sarbanes-Oxley Act of 2002 can use control frameworks based on the Committee of Sponsoring Organizations of the Treadway Commission (COSO) Internal Control Integrated Framework and the IT Governance Institute’s Control Objectives for Information and Related Technology. COBIT is increasingly accepted internationally as good practice for control over information, IT and related risks.
Basel II Framework

The efforts of the Basel Committee on Banking Supervision to revise the standards governing the capital adequacy of internationally active banks reached a critical milestone with the publication of an agreed text in June 2004. Although not a regulation, the Basel II Framework describes a comprehensive measure and minimum standard for capital adequacy that national supervisory authorities are now working to implement through domestic rule-making and adoption procedures. The framework seeks to improve the existing rules by aligning regulatory capital requirements more closely with the underlying risks that banks face. In essence, the framework strives to make capital allocation more risk-sensitive; to separate operational risk from credit risk and quantify both; and to align economic and regulatory capital more closely so as to reduce the scope for regulatory arbitrage. Basel II uses a "three pillars" concept, (1) minimum capital requirements, (2) supervisory review and (3) market discipline, to promote greater stability in the financial system. In addition, the Basel II Framework is intended to promote a more forward-looking approach to capital supervision, one that encourages banks to identify the risks they may face, today and in the future, and to develop or improve their ability to manage those risks. As a result, it is intended to be more flexible and better able to evolve with advances in markets and risk management practices.
ISO/IEC 17799:2005

ISO/IEC 17799:2005 is not a regulation but a code of practice for information security management. The code establishes guidelines and general principles for initiating, implementing, maintaining, and improving information security management in an organization. Its objectives provide general guidance on the commonly accepted goals of information security management. ISO/IEC 17799:2005 contains best-practice control objectives and controls in the following areas of information security management: security policy; organization of information security; asset management; human resources security; physical and environmental security; communications and operations management; access control; information systems acquisition, development and maintenance; information security incident management; business continuity management; and compliance. The control objectives and controls in ISO/IEC 17799:2005 are intended to be implemented to meet the requirements identified by a risk assessment. ISO/IEC 17799:2005 is intended as a common basis and practical guideline for developing organizational security standards and effective security management practices, and to help build confidence in inter-organizational activities.
Personal Information Protection and Electronic Documents Act (Canada)

Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA), approved on April 13, 2000, sets the ground rules for how private sector organizations in Canada may collect, use or disclose personal information in the course of commercial activities. The law gives individuals the right to access and request correction of the personal information these organizations may have collected about them. The Act was first introduced in the House of Commons in October 1998 as Bill C-54. It was re-introduced as Bill C-6 in October 1999 at the opening of the new Parliamentary session. The Senate passed the bill with two amendments pertaining to personal health information. Parliament approved the amendments and the Act received Royal Assent on April 13, 2000. Initially, PIPEDA applied only to personal information about customers or employees that was collected, used or disclosed in the course of commercial activities by the federally regulated private sector (organizations such as banks, airlines, and telecommunications companies). The Act now also applies to personal information collected, used or disclosed by the retail sector, publishing companies, the service industry, manufacturers and other provincially regulated organizations. Every Canadian province and territory has privacy legislation governing the collection, use and disclosure of personal information held by government agencies.

Looking for more information?

E-waste and Environmental Regulations Database

Mounting pressures regarding the environmentally and socially responsible management of e-waste are triggering more stringent laws around the globe. Redemtech’s E-waste and Environmental Regulations Database delivers information about regulations, directives, national decrees, statutes, ordinances and pending e-waste and environmental legislation.

Data Security Regulations

Legislation governing the protection of consumer privacy and identity theft continues to propagate at the global, federal, state and local level. Redemtech’s Data Security and Privacy Regulatory Database documents applicable regulations, established laws, constitutional amendments and pending legislation for many nations around the globe.