Compliance and regulatory frameworks are sets of guidelines and best practices. Organizations follow these guidelines to meet regulatory requirements, improve processes, strengthen security, and achieve other business objectives (such as becoming a public company, or selling cloud solutions to government agencies).
These frameworks give us a common language that can be used from the server room to the boardroom. These standards are leveraged by:
Achieving compliance within a regulatory framework is an ongoing process. Your environment is always changing, and the operating effectiveness of a control may break down. Regular monitoring and reporting are a must, and each framework also spells out exactly what “regular monitoring” entails.
If you work with or are part of an information security (IS) team, here are some of the regulatory frameworks you might come across: