Compliance
Compliance with regulations and standards
In the modern world, the operation of companies in local and international markets is governed by various rules and regulations that contain specific requirements for information technology infrastructure. These rules and regulations define requirements that corporate information security systems must meet; they also govern the protection of investors’ and residents’ rights, define internal control and audit principles and operational risks, including those found in various industries such as banking and telecommunication.
Today almost every country has laws to protect the personal data of its residents. Those companies who carry out their business operations in local markets must meet the requirements of local laws and regulations and guarantee the safety of the private information of its staff members and the customers alike. Almost every country has customized rules and regulations that regulate the operations of companies working in various market segments. Large companies that carry out their businesses on several national markets face most the difficulties in connection with this. They have to deal with the requirements of a wide variety of laws, including these:These and other laws require that companies take reasonable steps (organizational, technical, and so on) to protect private information and prevent data leaks and abuses by its own staff members. For example, US law HIPAA requires that companies protect private medical data of residents, and the law GLBA requires that companies protect the safety of private financial details. According to the law of the Russian Federation “On private information” any information system that includes a personal database and any information and technical facility used to process personal data must meet the requirements for the protection of confidential private information (Article 19, Paragraph 1). Any violation of this federal law results in administrative liability of the people involved and may lead to a suspension or cancellation of the license held by the company.
Implementation of InfoWatch solutions makes it possible to comply with the requirements of international and national laws regulating corporate information security, the protection of investor and resident rights, internal control and audit principles, and operational risks including risks occurring in various industries, such as banking and telecommunication services. As far as financial and banking regulations are concerned, InfoWatch products provide for compliance with documents such as the standard of the Central Bank of the Russian Federation (STO BR IBBS-1.0-2006), Corporate Management Code of the Federal Service for Financial Markets of the Russian Federation, SOX (USA), Basel II (EU), the standard Payment Card Industry Data Security Standard (PCI DSS), and so on.
The technical capabilities of InfoWatch solutions provide not only for the detection of confidential data leaks but also allow the organization to block the leaks and prevent theft. InfoWatch products provide for a comprehensive solution of the insider problem by blocking every leak channel and documenting every transaction with confidential data. The InfoWatch comprehensive solution also includes maintenance and consulting services, under which InfoWatch specialists will provide assistance in developing and implementing information technology security policies, and the selection of organizational and technical information protection measures.
As you can see, the implementation of InfoWatch solutions lets companies prevent confidential information leaks, minimize related operational and reputation risks, and avoid the loss of competitive advantage.
If you need more information regarding how InfoWatch solutions help companies meet the requirements of various legal acts, click here.