Regulatory Compliance Requirements

Is your company doing enough?

Regulatory compliance requirements aren’t a huge part of life for every business. Yet any company that handles money or personally identifying information must comply with basic requirements for things like security and training. According to an official with the Justice Department, even businesses such as banks aren’t doing enough to meet regulatory compliance requirements.

James Cole, the Justice Department’s Deputy Attorney General, said at the end of 2013 that companies — particularly banks — aren’t doing enough to get the message about compliance through to employees at all levels of an organization. One of the things the department looks at during investigations following a breach or malfeasance is whether a company worked to communicate about and train employees on security or compliance.

Regulatory Compliance Requirements Key Areas

Every industry is governed by varying regulatory compliance requirements, but each rule set has some key areas in common. Whether companies are seeking to comply with HIPAA, PCI, FACTA, or Gramm-Leach-Bliley guidelines, confidentiality is a key compliance area. Information must be protected from unauthorized access or use — even by employees within the organization.

Other key areas of most regulatory standards include:

  • Availability
  • Integrity
  • Authentication
  • Auditing
  • Change Management

Companies must work to ensure records and information are available to consumers and to support normal procedures, even if errors or technical issues occur. Information integrity should be maintained: records must not be altered inappropriately, and access to and alteration of records should be logged so they can be reviewed if necessary. Access to information — whether by a person or a computer — should require a certain level of authentication. That could include network handshakes, encryption, or password use. Changes to systems should always be reviewed from a compliance viewpoint to ensure new processes don’t put information at risk.

Helping Companies Who Handle Financial Info

Many of our clients are in the financial industry – banks, credit unions and financial advisors. So we understand the regulatory compliance requirements related to FACTA, the Gramm-Leach-Bliley Act, and the Red Flags Rule. We partner with Southern California businesses to remain compliant by shredding confidential documentation and destroying electronic media once it reaches its end of life. We even provide free secure document bins and consoles to keep materials safe between shredding visits.

Need help in maintaining control of sensitive info? The Sergeant can help.