Compliance, Privacy, and Security are notably different. What does each of these include? Who in the organization is responsible for administering each of these? What regulations might apply to each?

Compliance

Compliance can be defined as the state in which all the rules and regulations imposed on the organization are being followed properly (Gasior, 2020). It can also be understood as the process through which the organization ensures that all of its resources abide by the rules it has set up. Compliance can be implemented in levels. For example, a financial organization can have two levels, internal and external (What is Compliance?, 2020). Level 1 deals with the rules that are set up by considering the organization as one entity. Level 2 compliance is related to controlling the internal systems. The compliance officer is responsible for administering all compliance-related activities in the organization. The duty of the compliance officer is to work with employees and management to identify the risks to which the organization is exposed. His or her objective is to make sure that all systems remain under the organization's control with sufficient risk management in place. The officer also provides in-house services to the business areas so that they remain compliant with the rules that have been set up. The number of rules with which an organization must comply keeps increasing. To avoid the complexity of managing them individually, they can be grouped by the category they control. This type of compliance is termed regulatory compliance. Based on the applicable regulation, the requirements should be determined, documented and applied across the organization, and then monitored for any updates. Some of the regulations that come under compliance are as follows (Rouse, n.d.):

  • Dodd-Frank Act

  • Payment Card Industry Data Security Standard (PCI DSS)

  • Health Insurance Portability and Accountability Act (HIPAA)

  • Federal Information Security Management Act (FISMA)

  • Sarbanes-Oxley Act (SOX)

  • EU's General Data Protection Regulation (GDPR)

  • California Consumer Privacy Act (CCPA)

Privacy

Privacy can be understood as keeping the information or resources owned by individuals or the organization secluded from others. An organization can hold data about its customers that those customers treat as private. When such information is stored, processed or analyzed, it should abide by the privacy policies of its owners. The organization should be in a position to develop, implement and update privacy policies that make sure all the rules applicable to such information are followed. When privacy is considered in relation to data, the data protection officer is responsible for administering the operations needed to remain compliant with the privacy policies (Vellenueve, 2019). The regulations that apply under privacy require providing complete privacy to the information owned by individuals and the organization, and proactive prevention of any suspicious activities or threats to which the resources are exposed. Some of them are:

  • Privacy and Personal Information Protection Act (PPIP Act) – ensures that all personal information being stored, processed and analyzed abides by the information protection principles (A guide to privacy laws in NSW, 2019).

  • Health Records and Information Privacy Act 2002 (HRIP Act) – ensures that all health information being stored, processed and analyzed abides by the health privacy principles (A guide to privacy laws in NSW, 2019).


Security

Security in an organization includes the documented security policies, procedures and guidelines. These ensure that the information related to the organization's clients retains its confidentiality, integrity and availability through the security policies defined. The organization's security personnel are responsible for handling all the activities the organization needs to carry out to ensure security. The rules that come under security include not allowing unauthorized users to access sensitive data, and not allowing authorized users to modify any data or resource state improperly. Some of the regulations and laws that are applicable to security are as follows (The security laws, regulations and guidelines directory, 2012):

  • Sarbanes-Oxley Act (SOX)

  • Payment Card Industry Data Security Standard (PCI DSS)

  • Gramm-Leach-Bliley (GLB) Act

  • Electronic Fund Transfer Act, Regulation E (EFTA)

  • Customs-Trade Partnership Against Terrorism (C-TPAT)

  • Free and Secure Trade Program (FAST)

  • Children's Online Privacy Protection Act (COPPA)

  • Fair and Accurate Credit Transaction Act (FACTA)


References

A guide to privacy laws in NSW. (2019). Retrieved from Information and Privacy Commission: https://www.ipc.nsw.gov.au/guide-privacy-laws-nsw

Gasior, M. (2020). What Is Corporate Compliance and Why It’s Important. Retrieved from PowerDMS: https://www.powerdms.com/blog/what-corporate-compliance-is-why-compliance-is-important/#:~:text=The%20definition%20of%20compliance%20is,apply%20to%20your%20organization%20and

Rouse, M. (n.d.). regulatory compliance. Retrieved from Tech Target: https://searchcompliance.techtarget.com/definition/regulatory-compliance#:~:text=Examples%20of%20regulatory%20compliance%20laws,EU's%20General%20Data%20Protection%20Regulation%20(

Tailor, L. (2001). Read your firewall logs! Retrieved from ZDNet: https://www.zdnet.com/article/read-your-firewall-logs-5000298230/

The Need for Comprehensive Firewall Logs Analyzer Application. (2018). Retrieved from Firewall Logs Monitoring: https://www.manageengine.com/products/firewall/firewall-logs.html

The security laws, regulations and guidelines directory. (2012). Retrieved from CSO: csoonline.com/article/2126072/compliance-the-security-laws-regulations-and-guidelines-directory.html


Vellenueve, L. (2019). Who's Responsible for Protecting Our Privacy? Retrieved from ASIS: https://www.asisonline.org/security-management-magazine/monthly-issues/security-technology/archive/2019/September/whos-responsible-for-protecting-our-privacy/

What is Compliance? (2020). Retrieved from ICA- International Compliance Association: https://www.int-comp.org/careers/your-career-in-compliance/what-is-compliance/