Comprehensive Regulatory Content Library
The Compliance Spectrum content library represents the broadest array of regulatory content in the industry. The library provides regulatory content for federal, state and international mandates as well as industry accepted standards. Content is developed and maintained by subject matter experts and vetted by legal experts.
Compliance Spectrum has agreements with the IT Governance Institute, ANSI (American National Standards Institute), the SOX Institute, Network Frontiers and other organizations that provide vetted regulatory content.
Regulatory content is provided in the following categories for use with Spectra.
To learn more about our regulatory content, contact sales at sales@compliancespectrum.com or call us at (866) 206-5602.
Sarbanes-Oxley
Sarbanes-Oxley Act (SOX)
PCAOB Auditing Standard No. 2
AICPA SAS 94
AICPA/CICA Privacy Framework
AICPA Suitable Trust Services Criteria
Retention of Audit and Review Records, SEC 17 CFR 210.2-06
Controls and Procedures, SEC 17 CFR 240.15d-15
Reporting Transactions and Holdings, SEC 17 CFR 240.16a-3
COSO Enterprise Risk Management (ERM) Framework
Healthcare and Life Science
HIPAA (Health Insurance Portability and Accountability Act)
HIPAA HCFA Internet Security Policy
NIST SP 800-66, An Introductory Resource Guide for Implementing the HIPAA Security Rule
CMS Core Security Requirements (CSR)
CMS Information Security Acceptable Risk Safeguards (ARS)
CMS Information Security Certification and Accreditation (C&A) Methodology
CMS Info Security Business Risk Assessment
CMS Business Partners Systems Security Manual
FDA Electronic Records; Electronic Signatures, FDA 21 CFR Part 11
Energy
FERC Security Program for Hydropower Projects
North American Electric Reliability Corporation Critical Infrastructure Protection Cyber Security Standards
U.S. Federal Security
FTC Electronic Signatures in Global and National Commerce Act (ESIGN)
Uniform Electronic Transactions Act (UETA)
FISMA (Federal Information Security Management Act)
FISCAM (Federal Information System Controls Audit Manual)
FIPS 140-2, Security Requirements for Cryptographic Modules
FIPS 191, Guideline for the Analysis of LAN Security
FIPS 199, Standards for Security Categorization of Federal Information and Information Systems
FIPS 200, Minimum Security Requirements for Federal Information and Information Systems
Clinger-Cohen Act (Information Technology Management Reform Act)
DoD 5220.22-M, National Industrial Security Program Operating Manual
The National Strategy to Secure Cyberspace
GAO Financial Audit Manual
Design Criteria Standard for Electronic Records Management Software Applications, DoD 5015.2-STD
CISWG Report on the Best Practices Subgroup
CISWG Information Security Program Elements
Appendix III to OMB Circular No. A-130: Security of Federal Automated Information Resources
US Export Administration Regulations
Banking and Finance
Basel II: International Convergence of Capital Measurement and Capital Standards - A Revised Framework
BIS Sound Practices for the Management and Supervision of Operational Risk
Gramm-Leach-Bliley Act (GLB)
Standards for Safeguarding Customer Information, FTC 16 CFR 314
Privacy of Consumer Financial Information, FTC 16 CFR 313
Safety and Soundness Standards, Appendix of OCC 12 CFR 30
FFIEC Information Security
FFIEC Development and Acquisition
FFIEC Business Continuity Planning
FFIEC Audit
FFIEC Management
FFIEC Operations
Payment Card
PCI DSS (Payment Card Industry Data Security Standard)
PCI DSS Security Scanning Procedures
Payment Card Industry Security Audit Procedures v1.1
VISA CISP: What to Do If Compromised
MasterCard Wireless LANs - Security Risks and Guidelines
American Express Data Security Standard (DSS)
VISA Incident Response Procedure for Account Compromise
BBB Online Code of Business Practices
MasterCard Electronic Commerce Security Architecture Best Practices
NASD / NYSE
NASD Manual
NYSE Rules
Recordkeeping Rule for Securities Exchanges, SEC 17 CFR 240.17a-1
Records to Be Made by Certain Exchange Members, SEC 17 CFR 240.17a-3
Records to Be Preserved by Certain Exchange Members, SEC 17 CFR 240.17a-4
Recordkeeping, SEC 17 CFR 240.17Ad-6
Record Retention, SEC 17 CFR 240.17Ad-7
U.S. Internal Revenue
IRS Revenue Procedure: Retention of books and records, 97-22
IRS Revenue Procedure: Record retention: automatic data processing, 98-25
IRS Internal Revenue Code Section 501(c)(3)
Records Management
Federal Rules of Civil Procedure
Uniform Rules of Evidence
ISO 15489-1, Information and Documentation: Records management: General
ISO 15489-2, Information and Documentation: Records management: Guidelines
The DIRKS Manual: A Strategic Approach to Managing Business Information
The Sedona Principles Addressing Electronic Document Production
NIST Publications
Generally Accepted Principles and Practices for Securing Information Technology Systems, NIST SP 800-14
Developing Security Plans for Federal Information Systems, NIST SP 800-18
Security Self-Assessment Guide, NIST SP 800-26
Risk Management Guide, NIST SP 800-30
Underlying Technical Models for Information Technology Security, NIST SP 800-33
Contingency Planning Guide for Information Technology Systems, NIST SP 800-34
Creating a Patch and Vulnerability Management Program, NIST SP 800-40
Guidelines on Firewalls and Firewall Policy, NIST SP 800-41
Recommended Security Controls for Federal Information Systems, NIST SP 800-53
Guide for Mapping Types of Information and Information Systems to Security Categories, NIST SP 800-60
Computer Security Incident Handling Guide, NIST SP 800-61
Security Considerations in the Information System Development Life Cycle, NIST SP 800-64
General Guidance
CobiT 3rd Edition
CobiT 4.0
ISACA IS Standards, Guidelines, and Procedures for Auditing and Control Professionals
Disaster / Emergency Management and Business Continuity, NFPA 1600
ISF Standard of Good Practice for Information Security
ISF Security Audit of Networks
A Risk Management Standard, jointly issued by AIRMIC, ALARM, and IRM
Business Continuity Institute (BCI) Good Practice Guidelines
ISSA Generally Accepted Information Security Principles (GAISP)
CERT Operationally Critical Threat, Asset & Vulnerability Evaluation (OCTAVE)
The GAIT Methodology
AICPA Incident Response Plan: Template for Breach of Personal Information
IIA Global Technology Audit Guide (GTAG)
International Standards Organization
ISO/IEC Guide 73:2002, Risk Management - Vocabulary
ISO/IEC 13335, Information Technology - Guidelines for Management of IT Security
ISO/IEC 17799:2000, Code of Practice for Information Security Management
ISO/IEC 17799:2005, Code of Practice for Information Security Management (renumbered ISO/IEC 27002 in 2007)
ISO/IEC 27001:2005, Information Security Management Systems - Requirements
ISO/IEC 20000-1:2005, Information Technology - Service Management Part 1: Specification
ISO/IEC 20000-2:2005, Information Technology - Service Management Part 2: Code of Practice
ISO/IEC 15408-1:2005, Common Criteria for Information Technology Security Evaluation Part 1: Introduction and General Model
ISO/IEC 15408-2:2005, Common Criteria for Information Technology Security Evaluation Part 2: Security Functional Requirements
ISO/IEC 15408-3:2005, Common Criteria for Information Technology Security Evaluation Part 3: Security Assurance Requirements
ISO/IEC 18045:2005, Methodology for Information Technology Security Evaluation (the Common Evaluation Methodology companion to ISO/IEC 15408)
IT Infrastructure Library (ITIL)
OGC ITIL: Planning to Implement Service Management (partially completed)
OGC ITIL: ICT Infrastructure Management (partially completed)
OGC ITIL: Service Delivery (partially completed)
OGC ITIL: Service Support (partially completed)
OGC ITIL: Application Management (partially completed)
OGC ITIL: Security Management (partially completed)
System Configuration
Center for Internet Security (CIS) Persistent Identifiers
CIS Solaris Benchmark v2.1
CIS Solaris Benchmark v1.3
CIS HP-UX Benchmark v1.3
CIS Red Hat Enterprise Linux Benchmark v1.0
CIS Red Hat Enterprise Linux Benchmark v1.0.5
CIS SuSE Linux Enterprise Server Benchmark v1.0
CIS Slackware Linux Benchmark v1.1
CIS AIX Benchmark v1.0
CIS FreeBSD Benchmark v1.0
CIS Windows XP Professional SP1/SP2 Benchmark
CIS Windows 2000 Server Benchmark
U.S. Federal Privacy
Cable Communications Policy Act, 47 USC § 551
Telemarketing Sales Rule (TSR), 16 CFR 310
CAN-SPAM Act
Children's Online Privacy Protection Act (COPPA), 16 CFR 312
Driver's Privacy Protection Act (DPPA), 18 USC 2721
Family Educational Rights and Privacy Act (FERPA), 20 USC 1232g
Privacy Act of 1974, 5 USC 552a
Video Privacy Protection Act (VPPA), 18 USC 2710
Specter-Leahy Personal Data Privacy and Security Act
Amendments to the FTC Telemarketing Sales Rule
U.S. State Privacy
Arkansas Personal Information Protection Act AR SB 1167
Arizona Amendment to Arizona Revised Statutes 13-2001, AZ HB 2116
California Information Practice Act, CA SB 1386
California General Security Standard for Businesses CA AB 1950
California Public Records Military Veteran Discharge Documents, CA AB 1798
California OPP Recommended Practices on Notification of Security Breach
Colorado Prohibition against Using Identity Information for Unlawful Purpose, CO HB 1134
Colorado Consumer Credit Solicitation Protection, CO HB 1274
Colorado Prohibiting Inclusion of Social Security Number, CO HB 1311
Connecticut law Requiring Consumer Credit Bureaus to Offer Security Freezes, CT SB 650
Connecticut law Concerning Nondisclosure of Private Tenant Information, CT HB 5184
Delaware Computer Security Breaches DE HB 116
Florida Personal Identification Information/Unlawful Use, FL HB 481
Georgia Consumer Reporting Agencies, GA SB 230
Georgia Public employees; Fraud, Waste, and Abuse, GA HB 656
Hawaii Exempting disclosure of Social Security numbers HI HB 2674
Illinois Personal Information Protection Act IL HB 1633
Indiana Release of Social Security Number, Notice of Security Breach IN SB 503
Louisiana Database Security Breach Notification Law, LA SB 205 Act 499
Maine law To Protect Maine Citizens from Identity Theft, ME LD 1671
Minnesota Data Warehouses; Notice Required for Certain Disclosures, MN HF 2121
Missouri War on Terror Veteran Survivor Grants, MO HB 957
Montana bill to Implement Individual Privacy and to Prevent Identity Theft, MT HB 732
New Jersey Identity Theft Prevention Act, NJ A4001/S1914
New York Information Security Breach and Notification Act
Nevada Security Breach Notification Law, NV SB 347
North Carolina Security Breach Notification Law (Identity Theft Protection Act), NC SB 1048
North Dakota Personal Information Protection Act, ND SB 2251
Ohio Personal information - contact if unauthorized access, OH HB 104
Rhode Island Security Breach Notification Law, RI HB 6191
Tennessee Security Breach Notification, TN SB 2220
Texas Identity Theft Enforcement and Protection Act, TX SB 122
Vermont Relating to Identity Theft, VT HB 327
Virginia Identity theft; penalty; restitution; victim assistance, VA HB 872
Washington Notice of a breach of the security, WA SB 6043
California Civil Code § 1724
Texas Business and Commerce Code, secs. 48.102, 48.103
Minnesota Plastic Card Security Act (H.F. 1758)
EU Guidance
EU Directive on Privacy and Electronic Communications, 2002/58/EC
EU Directive on Data Protection, 95/46/EC
US Department of Commerce EU Safe Harbor Privacy Principles
Consumer Interests in the Telecommunications Market, Act No. 661
OECD / World Bank Technology Risk Checklist
OECD Guidelines on Privacy and Transborder Flows of Personal Data
UN Guidelines for the Regulation of Computerized Personal Data Files (1990)
ISACA Cross-Border Privacy Impact Assessment
Information Technology Security Evaluation Manual (ITSEM)
Information Technology Security Evaluation Criteria (ITSEC)
Directive 2003/4/EC of the European Parliament
UK and Canadian Guidance
FSA Combined Code on Corporate Governance
Turnbull Guidance on Internal Control, UK FRC
Smith Guidance on Audit Committees, UK FRC
UK Data Protection Act of 1998
IT Service Management Standard, BS 15000-1
IT Service Management Standard - Code of Practice, BS 15000-2
British Standards Institute PAS 56, Guide to Business Continuity Management
Canada Keeping the Promise for a Strong Economy Act, Bill 198
Canada Personal Information Protection Electronic Documents Act (PIPEDA)
Canada Privacy Policy and Principles
Other European and African Guidance
Austria Data Protection Act
Austria Telecommunications Act
Bosnia Law on Protection of Personal Data
Czech Republic Personal Data Protection Act
Denmark Act on Competitive Conditions and Consumer Interests
Finland Personal Data Protection Act
Finland Act on the Amendment of the Personal Data Act (986/2000)
France Data Protection Act
German Federal Data Protection Act
Germany IT Baseline Protection Manual (BSI IT-Grundschutz)
Greece Law on the Protection of Individuals with Regard to the Processing of Personal Data
Hungary Protection of Personal Data and Disclosure of Data of Public Interest
Iceland Protection of Privacy as regards the Processing of Personal Data
Ireland Data Protection Act of 1988
Ireland Data Protection Amendment 2003
Italy Personal Data Protection Code
Italy Protection of Individuals and Other Subjects with regard to the Processing of Personal Data
Lithuania Law on Legal Protection of Personal Data
Luxembourg Data Protection Law
Netherlands Personal Data Protection Act
Poland Protection of Personal Data Act
Slovak Republic Protection of Personal Data in Information Systems
Personal Data Protection Act of the Republic of Slovenia of 2004
South Africa Promotion of Access to Information Act
Spain Organic Law 15/1999 of 13 December on the Protection of Personal Data
Sweden Personal Data Act
Switzerland Federal Act on Data Protection
Asia and Pacific Rim Guidance
Australia Better Practice Guide - Business Continuity Management
Australia Spam Act
Australia Spam Act 2003: A practical guide for business
Australia Privacy Act
Australia Telecommunications Act
Hong Kong Personal Data (Privacy) Ordinance
Japan ECOM Guidelines Concerning the Protection of Personal Data in Electronic Commerce in the Private Sector (version 1.0)
Japan Handbook Concerning Protection Of Personal Data
Japan Personal Information Protection Act (Law No. 57 of 2003)
Korea Act on Promotion of Information & Communication Network Utilization and Information Protection, etc.
Korea Act on the Protection of Personal Information Maintained by Public Agencies 1994
Korea Act Relating to Use and Protection of Credit Information
New Zealand Privacy Act 1993
Taiwan Computer-Processed Personal Data Protection Law 1995
India Information Technology Act (ITA-2000)
Latin American Guidance
Argentina Personal Data Protection Act
Mexico Federal Personal Data Protection Law