American Institute of Certified Public Accountants (AICPA SOC2)
The AICPA's Service Organization Control 2 (SOC2) is an auditing standard that helps organizations and service providers protect customer data through a set of criteria based on five trust service principles: security, availability, processing integrity, confidentiality, and privacy. Organizations and service providers who meet this standard demonstrate that they have safeguarded customer data in a secure environment while maintaining the highest level of confidentiality.
American Institute of Certified Public Accountants (AICPA SOC3)
The American Institute of Certified Public Accountants (AICPA) publishes the Service Organization Control 3 (SOC 3) report, which provides publicly accessible assurance of the design and operating effectiveness of a specific service provider's controls related to security, availability, processing integrity and confidentiality.
California Consumer Privacy Act (CCPA)
The California Consumer Privacy Act (CCPA) is a state statute intended to enhance privacy rights and consumer protection for residents of California, United States. The bill was passed by the California State Legislature and signed into law by Jerry Brown, Governor of California, on June 28, 2018, to amend Part 4 of Division 3 of the California Civil Code. Officially called AB-375, the act was introduced by Ed Chau, member of the California State Assembly, and State Senator Robert Hertzberg.
Cloud Computing Compliance Criteria Catalogue (C5:2020)
In 2016, the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI) created the Cloud Computing Compliance Criteria Catalogue (C5) as an auditing standard. It is intended for cloud service providers (CSPs), their auditors, and customers of the CSPs. C5 established a mandatory minimum baseline for cloud security and the adoption of public cloud solutions by German government agencies and organizations that work with government. C5 is also being increasingly adopted by the private sector.
Cloud Security Alliance: Protecting Cloud
Cloud Security Alliance (CSA) is a not-for-profit organization with the mission to “promote the use of best practices for providing security assurance within cloud computing, and to provide education on the uses of cloud computing to help secure all other forms of computing.”
Federal Risk and Authorization Management Program (FedRAMP)
FedRAMP is a government-wide program that provides a standardized approach to security assessment and authorization of cloud products and services for use by U.S. federal agencies. The program brings together uniform requirements for risk management and puts into place consistent levels of security for data stored in the cloud and other IT systems used by federal organizations. FedRAMP ensures that federal data is securely managed and protected against unauthorized access through rigorous, consistently applied security measures.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (EU) 2016/679 (GDPR) is an EU regulation designed to strengthen the protection of individuals' personal data and ensure that their personal data is secure, both within and outside the European Union. The GDPR grants individuals more control over their personal data and regulates the companies that process it. It also outlines procedures for transferring personal data outside of the EU area, in order to ensure that it remains secure. Ultimately, the GDPR imposes stricter security guidelines so that companies are better able to protect individuals' privacy rights.
Health Insurance Portability and Accountability Act (HIPAA)
The Health Insurance Portability and Accountability Act (HIPAA) is a United States federal law that requires healthcare businesses to protect their clients' and patients' personal information. The law, enforced by the U.S. Department of Health and Human Services (HHS), safeguards sensitive health data from being shared without the patient's knowledge or consent. By adhering to HIPAA guidelines, healthcare organizations are able to keep their practices compliant with this federal law.
Information Security Management System (ISO/IEC 27701)
ISO/IEC 27701:2019 (formerly known as ISO/IEC 27552 during the drafting period) is a privacy extension to ISO/IEC 27001. The design goal is to enhance the existing Information Security Management System (ISMS) with additional requirements in order to establish, implement, maintain, and continually improve a Privacy Information Management System (PIMS). The standard outlines a framework for Personally Identifiable Information (PII) Controllers and PII Processors to manage privacy controls to reduce the risk to the privacy rights of individuals.
Information Security Management System (ISO/IEC 27017)
ISO/IEC 27017 is a security standard developed for cloud service providers and users to make a safer cloud-based environment and reduce the risk of security problems. It was published by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) under the joint ISO and IEC subcommittee, ISO/IEC JTC 1/SC 27. It is part of the ISO/IEC 27000 family of standards, which provides best practice recommendations on information security management.