| Law or standard | Sector | Objective |
|---|---|---|
| Sarbanes-Oxley | Companies listed on the NY Stock Exchange | Protection of investors, requiring, among other things, that the companies concerned have a COSO internal control framework in order to ensure the confidentiality, integrity and transparency of financial information. |
| HIPAA | Health | Protection of the confidentiality, integrity and availability of medical information. |
| PCI | Credit cards | Protection of the confidentiality of credit card information registered and used by Internet retail businesses. |
| GLBA (Gramm-Leach-Bliley) | U.S. financial sector | Protection of the confidentiality and integrity of personal financial information registered by financial institutions. |
| BASEL II | World banks | Reinforcement of banking risk management systems, particularly credit risks and operational risks for the banks. |
| Solvability II | European insurance | Reinforcement of the risk management system, particularly with respect to operational risks and capital requirements of European insurers. |
| NERC-CIP | North American energy | Reinforcement of the protection of critical cyber assets in relation to the reliability of the electricity system. |
| CICA 5970 and SAS 70 | All | Ensure service quality and security of the processes hosted by a supplier. Note that section 5970 is not a law but a standard. |