
Regulatory Compliance I have Encountered In My Career

  • Writer: Vishakh Rameshan
  • Jan 17, 2021
  • 2 min read

Every IT professional, whether a junior developer, trainee, senior developer, technical lead, project manager, or architect, will have encountered some form of regulatory compliance while working on a project, whether in the banking and finance sector, healthcare, e-commerce, or elsewhere.


In this post I will give you a high-level overview of some of the regulatory compliance regimes that I have encountered in my IT career. These are only a few, but they are the most common ones.


  1. PCI DSS - The Payment Card Industry Data Security Standard sets the requirements for organizations and merchants to safely and securely accept, store, process, and transmit cardholder data during credit, debit, and prepaid card transactions, in order to prevent fraud and data breaches.

  2. GDPR - The General Data Protection Regulation is a regulation in European Union law on data protection and privacy in the European Union and the European Economic Area. Companies that handle personal data (basic identity information such as name, address and ID numbers; web data such as location, IP address, cookie data and RFID tags; health and genetic data; biometric data; racial or ethnic data; political opinions; sexual orientation) must comply with this regulation.

  3. NIST - The National Institute of Standards and Technology, under the United States Department of Commerce, created the Cybersecurity Framework. It is not a regulation but a framework with a set of guidelines that private sector companies can follow to be better prepared to identify, detect, and respond to cyber-attacks.

  4. CCPA - The California Consumer Privacy Act gives consumers more control over the personal information that businesses collect about them. It gives consumers the right to know what personal information a business collects about them and how it is used and shared, the right to delete personal information collected from them (with some exceptions), the right to opt out of the sale of their personal information, and the right to non-discrimination for exercising their CCPA rights.

  5. HIPAA - The Health Insurance Portability and Accountability Act sets the standard for protecting sensitive patient data. Companies that deal with protected health information (PHI) must have physical, network, and process security measures in place, and follow them, to ensure HIPAA compliance.

  6. FedRAMP - The Federal Risk and Authorization Management Program is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. Any company that processes or handles federal data in the cloud must be in compliance.


This post will be updated as I encounter new compliance regimes.


