IT Regulatory Compliance in North America

A clear and concise introduction to the rules for IT in North America

In today's computer-driven world, every modern business depends on its information technology. This means that IT systems have to be protected and regulated. If your organization has a presence in North America, you need to be familiar with the relevant laws and standards for IT governance. IT is a key component of the US legislation relating to corporate governance and privacy. In addition, the Basel 2 Accord, the Fair Credit Reporting Act and the online banking standards of the Federal Financial Institutions Examination Council (FFIEC) all have important IT governance implications. Canada also has its own Personal Information Protection and Electronic Documents Act (PIPEDA). With such a wide range of rules and regulations, where do you begin?

This pocket guide is intended as a brief, accessible survey of the major North American legislation relating to IT and information security. It provides a concise summary of the IT governance provisions currently in effect in Canada and the United States. Including advice on the requirements for preserving corporate records, the guide will help you to identify any gaps in your organization's IT compliance regime.

Benefits to business include:

• Avoid breaches of criminal or civil law
• The pocket guide covers the key IT compliance issues for organizations operating in North America
• Find out about the IT Governance requirements of Sarbanes-Oxley
• The Sarbanes-Oxley Act of 2002 (SOX) was passed in response to the Enron scandal. Compliance with Sarbanes-Oxley is mandatory and failure to comply can result in significant penalties for individual directors. Tis pocket guide explains the internal controls over your IT systems that SOX requires you to maintain
• Understand the requirements of GLBA
• The Gramm-Leach-Bliley Act or Financial Services Modernisation Act covers all US-regulated financial services corporations. The pocket guide outlines the information security requirements of the Act and looks at how they are enforced
• Learn about Safe Harbor compliance
• Under the Safe Harbor framework, US corporations that have operations in the EU are permitted to receive European data. The pocket guide outlines the advantages for an American company of Safe Harbor compliance

This pocket guide covers essential North American IT- and information-related regulation, including:

• Corporate governance, particularly Sarbanes-Oxley
• Basel2
• Breach Notification laws
• Online personal privacy
• Workplace privacy
• HIPAA
• GLBA
• FRCA
• CAN-SPAM Act
• FISMA
• FFIEC
• EU Safe Harbor Framework
• PIPEDA
• Intellectual Property Rights
• Safeguarding organizational records

Everyone in the organization should be aware of their specific responsibilities, and the specific controls and individual responsibilities to meet these requirements should be documented and kept up-to-date, and should be linked to the list of all the data assets and processes in the organization, together with their ownership details.