Compliance Regulations | Avior Computing

Click here to download Avior's latest Datasheets, Case Studies, and White Papers

regulations, standards & frameworks

Managing compliance in today’s environment requires developing associations among the numerous regulations, standards, and frameworks. These associations are always in flux, as new regulations are added, older regulations changed, and standards and frameworks updated. The burden of developing and maintaining these associations can be enormous for individual organizations. Avior’s BenchMark and ClearView solutions greatly ease the burden of mapping between numerous regulations, standards, and frameworks, by delivering this information as a dynamically updated service offering. A sample of regulations, frameworks, and standards that we work with include:

Regulations

Gramm-Leach-Bliley Act
GLB ACT
GLBA
Disclosure of Nonpublic Personal Information
GLBA Compliance
GLBA Privacy Compliance
Information Regarding the
Gramm-Leach-Bliley Act of 1999
15 USC, Subchapter I, Sec. 6801-6809
Sec 6801 Protection of nonpublic personal information
Sec 6802 Obligations with respect to disclosures of personal information
Sec 6803 Disclosure of institution privacy policy
Sec 6804 Rulemaking
Sec 6805 Enforcement
Sec 6806 Relation to other provisions
Sec 6807 Relation to State laws
Sec 6808 Study of information sharing among financial affiliates
Sec 6809 Definitions
GLBA Title V
Gramm Leach Bliley Act Title V
15 USC, Subchapter 1, Sec 6801-6809
Title V of GLBA
Financial Modernization Act of 1999
Financial Privacy Rule
Safeguards Rule
Pretexting
Advance Notice of Public
Rulemaking
The Financial Privacy
Requirements of the Gramm
Leach Bliley Act
The Financial Privacy
Requirements of GLBA
GLBA Privacy Rule
GLBA FTC Safeguards Rule
FTC Safeguards Rule
Section 501(b) of GLBA
Information Security Guidelines
Section 501(b)
Sarbanes-Oxley Act
SOX
SOX Section 302
Sox Section 404
SOX Section 409
SOX Section 802
SOX Section 302 - Certification of Financial
SOX Section 404 – Internal Controls
SOX Section 409 – Reporting Material Events
SOX Section 802 – Destruction of Corporate Audit Records
PCAOB
Public Company Accounting
Oversight Board
PCAOB Auditing Standard No. 5
Committee of Sponsoring Organizations of the Treadway Commission
COSO
BASEL II
BASEL II Accord
Privacy Act
Computer Matching and Privacy Act
Section 208 of the E-Government Act
E-Government Act
E-Government Act Privacy Impact Assessment
Title III of the E-Government Act
Federal Information Management Act
FIMA
21 CFR Part 11
Health Insurance Portability and Accountability Act
HIPAA
HIPAA Part C
HIPAA Administrative Simplification

HIPAA Privacy Rule
HIPAA Security Standards
Security Rule EPHI
Fair Credit Reporting Act
FCRA
Federal Trade Commission Act
Fair and Accurate Transactions Act
FACT Act
Red Flag Rules
EU Data Protection Directive
EU Directive
EU Data Directive
EU Data Directive 95/46/EC
US-EU Safe Harbor Privacy Principles
Australian Privacy Act
Australian Privacy Act – National Privacy Principles
Japan Personal Information Protection Act
Massachusetts Data Privacy Law
201 CMR 17.00: Standards for the Protection of Personal Information of Residents of the Commonwealth
201 CMR 17.01 Purpose and Scope
201 CMR 17.03: Duty to Protect and Standards for Protecting Personal Information
201 CMR 17.04: Computer System Security Requirements
Connecticut Personal Data Act
Personal Information Protection and Electronic Documents Act
California law SB1386
Amending civil codes 1798.29, 1798.82 and 1798.84
Security Breach Information Act
ThePersonal Information Protection and Electronic Documents Act
PIPEDA
BSA
Bank Secrecy Act
31 CFR 103
Bank Secrecy Act Anti-Money Laundering
BSA/AML
NERC
North American Reliability Council
Federal Energy Regulatory Commission
Energy Policy Act
EPAct
FERC
CIP-001-1 Sabotage Reporting
CIP-002-1 Critical Cyber Asset Identification
CIP-003-1 Security Management Controls
CIP-004-1 Personnel & Training
CIP-005-1 Electronic Security Perimeter(s)
CIP-006-1 Physical Security of Critical Cyber Assets
CIP-006-1a Physical Security of Critical Cyber Assets
CIP-008-1 Incident Reporting and Response Planning
CIP-009-1 Recovery Plans for Critical Cyber Assets
12 CFR Part 30
Reg S-P

Standards

ISO/IEC
ISO
ISO/IEC 27001:2005
ISO/IEC 27001
ISO 27001:2005
ISO 27001
ISO/IEC 27002:2005
ISO/IEC 27002
ISO 27002
Information technology – Security techniques – Code of Practice for Information Security Management
ISO Code of Practice for Information Security Management
ISO/IEC 27799:2008
ISO 27799:2008
ISO 27799
ISO 27799 Health Information –
Information Security – management in health using
ISO/IEC 27002
Health Information – Information Security – management in health using ISO/IEC 27002
ISO/IEC 27005:2008
ISO/ICE 27005
ISO 27005:2008
ISO 27005
ISO27005:2008 Information technology-Security technology- Information Security Risk Management
ISO27005 Information technology-Security technology-
Information Security Risk Management
Information technology-Security technology- Information Security Risk Management
ISO/DIS 31000
ISO 31000
ISO/DIS 31000 Risk Management – Principles and guidelines on implementation
Risk Management – Principles and guidelines on implementation
Code of practice
Code of practice for information security management
ISO Standards
ISO Security Standards
National Institute of Standards
NIST
National Institute of Standards Special Publications
National Institute of Standards SP
NIST SP

NIST SP 800-53
NIST 800-53 Guide for Assessing
the Security Controls in Federal Information Systems
NIST 800-53A
NIST 800-53A Guide for Assessing the Security Controls in Federal Information Systems
NIST SP 800-66
NIST SP 800-66 An Introductory
Resource Guide for Implementing the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
NIST 800-122
NIST 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
Resource Guide for Implementing
the Health Insurance Portability and Accountability Act (HIPAA) Security Rule
NIST 800-122
NIST 800-122 Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)
Payment Card Industry
Payment Card Industry – Data Security Standard
Payment Card Industry – Data Security Standard v1.1
Payment Card Industry – Data Security Standard v1.2
PCI
PCI-DSS
PCI-DSS v1.1
PCI-DSS v1.2
SAS 70
Statement on Auditing Standards 70
SAS 70 Type I
SAS 70 Type II
Canadian Government Operation Security Standard: Management of Information Technology Security
MITS
National Standard of Canada Entitled Model Code for the Protection of Personal Information
BITS-SIG
BITS-AUP
CIP Reliability Standards

Frameworks

CobiT
COBiT
Control Objectives for Information and Related Technology
Cobit 4.1
Information Systems Audit and Control Foundation
ISACF
CobiT Framework
IT Governance
High Level Control Objectives
Control Objectives
Plan and Organize
Acquire and Implement
Deliver and Support

Monitor and Evaluate
ITIL
Information Technology Infrastructure Library
Common Framework for Networked Personal Health Information
The Internal Security Trust and Privacy Alliance
ISTPA
ISTPA Privacy Framework
APEC Privacy Framework
Asia-Pacific Economic Cooperation Privacy Framework

Guidance

FFIEC
Federal Financial Institutions Examination Council
FFIEC Remote Deposit Capture Guidance
Remote Deposit Capture
RDC
FFIEC IT Examination Booklet Information Security
FFIEC Information Security Booklet
FFICE Outsourcing Technology Services Booklet
Safeguarding Against and Responding to the Breach of Personally Identifiable Information
OECD
Organisation for Economic Co-operation and Development
Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

UN Guidelines Concerning Personalized Computer Files
Generally Accepted Privacy Principles
GAPP
Privacy Impact Assessment Guide
Bank Secrecy Act
Anti-Money Laundering Examination Manual
Interagency Guidelines Establishing Standards for Safeguarding Customer Information Standards for Safety and Soundness; Final Rule

Home | Solutions | Contact Us | Top