Cyber Compliance and Regulatory
Compliance and regulatory frameworks are sets of guidelines, controls, and best practices. Organizations follow them to meet regulatory requirements, improve processes, strengthen security, and achieve other business objectives (such as becoming a public company, or selling cloud solutions to government agencies).


These frameworks provide a common language that can be used from the server room to the boardroom. These standards are leveraged by:

  • Internal auditors and other internal stakeholders to evaluate the controls in place within their own organization.
  • External auditors to evaluate and attest to the controls in place within an organization.
  • Third parties (potential customers, investors, etc.) to evaluate the potential risks of partnering with an organization.
Achieving compliance with a regulatory framework is an ongoing process, not a one-time event. Your environment is always changing, and the operating effectiveness of a control may break down over time. Regular monitoring and reporting are a must, and guidance on exactly what "regular monitoring" entails is outlined within each framework.


If you work with or are part of an information security (IS) team, here are some of the regulatory frameworks you might come across: