Compliance:: Difference between revisions

From HORSE - Holistic Operational Readiness Security Evaluation.

Revision as of 12:29, 25 May 2007

Compliance With Legal Requirements

The objective of this category is to ensure compliance with all statutory, regulatory, certificatory or contractual obligations.

ISO 17799 and ISO 27002 define Compliance objectives: to avoid breaches of any criminal or civil law, statutory, regulatory or contractual obligations and of any security requirements; to ensure compliance of systems with organizational security policies and standards; and to maximize the effectiveness of, and minimize interference to or from, the system audit process. This section provides templates for an Information Security Program Charter and supporting policies that are required to comply with ISO Compliance objectives, as well as guidance for complying with regulations such as GLBA and HIPAA.

Identification of Applicable Statutes, Regulations and Certification Standards

All relevant statutory, regulatory and private certificatory requirements should be identified. The organization's approach to meeting these requirements should be explicitly defined, documented and kept up to date.

Compliance Oriented Policy Samples

1. ISO Security Policy
This section provides templates for an Information Security Program Charter and supporting policies that are required to comply with ISO Compliance objectives and clearly state specific requirements for policy compliance and enforcement, as well as actions that may be taken for violations of applicable regulations and laws.


2. Regulatory Compliance (GLBA)
This section contains a GLBA Compliance Matrix that details how this system and other services can be used for GLBA compliance.


3. Regulatory Compliance (HIPAA)
This section contains a HIPAA Compliance Matrix that details how this system and other services can be used for HIPAA compliance.


4. Regulatory Compliance (SOX)
This section contains a Sarbanes-Oxley Compliance Matrix that details how this system and other services can be used for Sarbanes-Oxley compliance.


See Also

References

  • ISO 17799/27002 - Code of Practice for Information Security Management.