Translating Corporate Policy into Technical Controls

All industries are subject to the increasing scrutiny of regulatory commissions. Each organization may be subject to a different combination of laws and regulations. Legal counsels and privacy officers have the challenge of crafting policies that encapsulate the requirements of these regulations in a manner that’s appropriate to their organizations.

All industries are subject to the increasing scrutiny of regulatory commissions. Each organization may be subject to a different combination of laws and regulations. Legal counsels and privacy officers have the challenge of crafting policies that encapsulate the requirements of these regulations in a manner that’s appropriate to their organizations.

Once these policies have been published, you’re ready to implement a technology to enforce them. Solutions that report on which files have been accessed and by whom (i.e. CA-Enterprise Log Manager) or a solution to ensure protected data is kept within the corporate perimeter (i.e. CA-Data Loss Prevention) or a combination of solutions in a suite.  These tools are designed to assist organizations demonstrate their performance of due diligence and proactive efforts to protect sensitive information.

To assist your organization meet its regulatory needs contact the compliance experts at IDMWorks.  Our DLP expertise can translate your corporate policies into real time technical controls to improve your compliance posture and reduce your exposure to data loss.

Below are several resources for federal regulatory commissions related to Personally Identifiable Information (PII):

Health Insurance Portability and Accountability Act (HIPAA)

Confidential Information Protection and Statistical Efficiency Act (CIPSEA) Implementation Guidance

Gramm-Leach-Bliley Act (GLBA)

Freedom of Information Act (FOIA)

Payment Card Industry Data Security Standards (PCI DSS)

Federal Information Security Management Act (FISMA)

Identity Theft and Assumption Deterrence Act of 1998