7 Regulations that send a Chill down an Enterprise’s Spine

In a world where compliance can make or break an enterprise, regulations are modern commandments

Let’s face it: no enterprise today really knows whether it is completely compliant with all the regulations it is supposed to comply with. First, there are a lot of them, and, as they change every couple of years, there are more grey areas in these regulations than there are craters on the moon. And, of course, if you are doing business in multiple nations, then God help you.

Here are some regulations that keep CIOs up at night:

PCI DSS

The tagline of this regulation should be “Doing nothing is not an option”. If an enterprise touches any kind of card data (or even just passes it through), the Payment Card Industry Data Security Standard (PCI DSS) applies. Non-compliance can result in fines of up to $500,000 from banks and credit card companies, in addition to loss of reputation, civil litigation, and suspension of credit card acceptance. The consequences of PCI DSS non-compliance should scare any enterprise whose revenue relies significantly on e-commerce.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) is a US regulation that protects all kinds of healthcare-related information. The HIPAA Security Rule specifically establishes standards for managing any kind of electronic health information. This applies not only to hospitals but also to any organization that handles such information. A single violation can cost up to $50,000, and repeat violations can go up to $1,500,000. Violations can additionally carry criminal charges and result in jail time.

FISMA

The Federal Information Security Management Act (FISMA) applies to any organization that handles US federal government information. This includes any agency, contractor, or other source that provides or manages such information. A violation, or even a low FISMA score, can result in huge reputational damage to a firm, along with significant budget cuts to the corresponding agency.

SOX

The Sarbanes-Oxley (SOX) Act applies to public companies and some private companies and contains regulations relating to information disclosure and records retention. Additionally, it requires enterprises to assess and document, through internal and external audits, the effectiveness of the controls over their financial reporting. SOX violations carry harsh penalties: a fine of up to $5 million along with 20 years of jail time. It is also instructive to note that the median settlement values for individuals charged with violating SOX regulations have been doubling every 3 years.

GDPR

The EU has introduced a new regulation, the General Data Protection Regulation (GDPR), which applies from May 2018 to anyone based in the EU or handling information and data belonging to the EU. GDPR gives individuals within the EU rights over their personal information: the right to be informed, the right of access, the right to rectification, the right to erasure, the right to restrict processing, the right to data portability, the right to object, and rights related to automated decision making and profiling. Every enterprise dealing with the personal information of an EU citizen will need to comply. Non-compliance can result in fines of up to €20 million or 4% of annual turnover.

NISD

The Network and Information Security Directive (NISD) is a European Union regulation that applies to all operators of essential services and digital service providers (DSPs). While this regulation has not yet been applied, it is complementary to GDPR and is expected to be active in 2018–19. The penalties are yet to be finalized, but in true EU fashion you can expect them to be spine-chilling.

India Toll Compliance

The India Toll Compliance regulation is created by the DoT (Department of Telecommunication) and enforced by TRAI (Telecom Regulatory Authority of India). It regulates telephony in India, applies to call centres operating there, and restricts any kind of toll bypass using Internet telephony. Violations carry punitive damages and the possibility of losing the license.

Regulatory compliance is today an essential function for an enterprise. But the sheer number of regulations to comply with and the massive overhead of ensuring compliance mean that organizations are increasingly looking for lightweight, automated solutions to track, monitor, manage, and, where possible, certify compliance.

– Article written by Sreekanth Nemani

About the Author

Sreekanth Nemani is a telecom expert with 4 international patents and 2 well-cited publications. He holds a Master’s degree in Computer Science from Utah State University. He is a researcher and a deep thinker. His research areas include disaster recovery of SIP-based networks. With over a decade of experience at Avaya in various capacities, Sreekanth has wide experience and in-depth knowledge.

Currently he works at SmarterHi Communications, the makers of Assertion, as a business architect. He is researching global policies like HIPAA and PCI and how to automate compliance with them.


7 Regulations that send a Chill down an Enterprise’s Spine was originally published in Assertion on Medium, where people are continuing the conversation by highlighting and responding to this story.

Introducing Assertion v3.5.1

Assertion’s latest release reduces the overall compliance effort by up to 75% through faster scans, enterprise integrations, modular building blocks and enhanced reporting.

  • Dramatic increases in speed and scalability have been made by our Engineering team through support for large-scale parallel scanning. These improvements have increased the performance of Assertion tenfold, and they were verified in the field by scanning 300 servers with 10 parallel scans. Assertion is now guaranteed to handle compliance at even the largest of enterprises without breaking a sweat.
  • New compliance scores for target systems enhance the decision-making ability of compliance managers and leads. These scores actively measure the gap between the current state of each target system and the desired full-compliance state and generate tracking reports. They enable compliance managers to plan and implement well-defined strategies and to direct the efforts of their teams optimally, resulting in improved decision making overall.
  • A significantly enhanced standard-building framework with modular building blocks makes the process of policy creation a breeze, tremendously reducing the turnaround time from policy formulation to policy enforcement. This directly translates into higher savings in time and money, and better productivity for the enterprise.
  • Integration with enterprise user management platforms through support for LDAP significantly smooths the configuration and deployment of Assertion in the enterprise and helps teams create coherent, well-integrated solutions in their setup.
  • Improvements in scan administration persistence and more refined email scan reports ease the operational management of Assertion for compliance teams.
  • Assertion has added transparency features that show enterprise administrators and managers detailed information on the resources used by Assertion in performing its scans.


Introducing Assertion v3.5.1 was originally published in Assertion on Medium, where people are continuing the conversation by highlighting and responding to this story.