Computer Security - Legal Compliance


In this section we will explain some important compliances that are around the technology industry. Nowadays technology compliance is becoming more important because it is developing too fast and legal issues are raising more often than ever. What is compliance, let’s say for example we want to develop a health managing software, it has to be developed in accordance with the standards of the Health Organization in that Country and if it will be international it has to be in accordance with the country where it will be marketed, which in this case is Health Information Portability and Accountability Act.

What are the Main Compliances?

Some regulations, standards and legislations which companies may need to be in compliance are as follows −

Sarbanes Oxley Act (SOX) of 2002

The Sarbanes Oxley Act was created for the high-profile financial scandals to protect shareholders and the general public from accounting errors and fraudulent practices in the enterprise. Among other provisions, the law sets rules on storing and retaining business records in IT systems. It is important because most of the biggest banks in the recent years have suffered from data breach. If you are in the financial industry you should check this act and its details can be found online. You can click on the following link for more information −

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

In this act, the Title II includes an administrative section that mandates standardization of electronic health records systems and includes security mechanisms designed to protect data privacy and patient confidentiality. It should have hardware or software that provides access controls, integrity controls, auditing and transmission security. So if you are a system administrator in the health system you should read and check your systems if they are in compliance with this act. For further information, you can click on the following link −

FERC Compliance

This compliance is important because it deals with energy industry. Businesses should implement policies and procedures to not only protect key electronic assets, but also to report and recover when a cyber-attack occurs. Further information on this can be found on the following link −

Payment Card Industry Data Security Standard (PCI DSS)

This has to do with the retail online stores industry mostly. This as a compliance doesn’t have a direct law impact, but if it is neglected, you can be charged for other law infringements. It was developed jointly by American Express, Visa, MasterCard, Discover and JCB. It requires the use of firewalls, data encryption, monitoring and other controls to ensure confidential information. More information can be found on Wikipedia −

We have discussed most of the important compliances that have a bigger impact, also it is worth to mention that Legal compliances can change according to countries but these major ones which we mentioned are almost similar in every country.