
Compliance Requirements:

Compliance Testing

BASEL II
Faster Payment Services
FDA CFR Part 11
HIPAA
MiFID
PCI Data Security Standard
Reg NMS
SEPA
SOX

Region : USA

Regulations / Who Needs to Comply / Security Areas Covered / Compliance Requirements Areas

HIPAA
  Who needs to comply: US Healthcare Organizations & Partners
  Security areas covered: Creating, Storing & Transmitting electronic protected health information
  Compliance requirements areas: All Major "Best Practice Security" Areas

Sarbanes Oxley (SOX) & Acctg Standards (COSO, COBIT, SAS)
  Who needs to comply: US Public Companies
  Security areas covered: Defined to secure the public against corporate fraud & Misrepresentation
  Compliance requirements areas: All Major "Best Practice Security" Areas

PCI DSS (Also Covered by Breach Laws)
  Who needs to comply: Merchants who take Credit Cards
  Security areas covered: Privacy of Customer Financial Data
  Compliance requirements areas: Varies by size of Merchant; Requires Best Practices plus 3rd Party Qtly Risk Assessments

GLBA - Federal Law 106 - 102, FDIC/FFIEC Guidelines; FACT (Fair and Accurate Credit Transactions); U.S. Patriot Act (2001)
  Who needs to comply: US Financial Institutions
  Security areas covered: Financial Services Act - Privacy of Personal Info.; Safety of Internet based Products & Services
  Compliance requirements areas: "Best Practices" Security; Two-Factor Authentication; Ensure Accuracy & Safety; Identity Verification; Anti Terrorism

Breach Laws in 31 US States, Including California SB 1386
  Who needs to comply: Any Company storing, accessing private consumer data
  Security areas covered: Consumer Privacy Security Breach Acts
  Compliance requirements areas: All Major "Best Practices Security" Areas

EU Data Protection Act and Privacy Regulations
  Who needs to comply: Any EU organization holding personal data
  Security areas covered: Personal data
  Compliance requirements areas: All major best practice areas

Region : UK
Coverage of key UK IT and information-related regulation, such as:

FSA Regulations
Basel2
MiFID
Data Protection Act 1998
Privacy and Electronic Communications Regulations 2003
Freedom of Information Act 2000
Computer Misuse Act 1990 (as updated in 2006)
Copyright, Designs and Patents Act 1998
Electronic Communications Act 2000
Regulation of Investigatory Powers Act 2000
Human Rights Act 2000
Disability Discrimination Act 1995
Safeguarding of organizational resources

There is considerable regulation in the UK, some of which derives from EU legislation. Various areas are policed by different bodies, such as the FSA (Financial Services Authority), the Environment Agency and Scottish Environment Protection Agency, the Information Commissioner's Office and others. Important compliance issues for all organizations, large and small, include the Data Protection Act 1998 and, for the public sector, the Freedom of Information Act 2000. The Combined Code issued by the London Stock Exchange (LSE) is the UK equivalent of Sarbanes-Oxley.

Region : Australia
The Australian Securities & Investments Commission (ASIC) is an independent Australian government body that acts as Australia's corporate regulator. ASIC's role is to enforce and regulate company and financial services laws to protect Australian consumers, investors and creditors.

The Australian Prudential Regulation Authority (APRA) is a statutory authority and the prudential regulator of the Australian financial services industry. APRA oversees banks, credit unions, building societies, friendly societies, general insurance and reinsurance companies, life insurance and most members of the superannuation industry.

Canada:
In Canada, Bill 198 is an Ontario legislative bill effective April 7, 2003,[1] which provides for regulation of securities issued in the province of Ontario. The legislation encompasses many areas. It is perhaps best known for clauses that provide legislation equivalent to the U.S. Sarbanes-Oxley Act, protecting investors by improving the accuracy and reliability of corporate disclosures. Thus, it is also known as the "Canadian Sarbanes-Oxley" Act or C-SOX (pronounced "see-socks").

http://en.wikipedia.org/wiki/Regulatory_compliance http://www.itgovernance.co.uk/compliance.aspx
