Regulatory Environment

Legislation requiring effective corporate governance and privacy protection is impacting organizations world-wide.

Sarbanes-Oxley	Requires that publicly traded companies comply with the proper reporting of financial information and control access to this information.
SAS 70	Allows service organizations to disclose their control activities and processes to their customers and their customers' auditors in a uniform reporting format.
HIPAA	The Health Insurance Portability and Accountability Act of 1996.
21CFR11	Electronic signature and system protection regulations by the FDA.
GLB	Applies to financial institutions and securities firms, aimed at protecting the privacy of customer data.
PIPEDA	The Canadian Personal Information Protection and Electronics Document Act.
2002/58/EC	European Union Privacy Protection Directive.

These regulations call for better internal controls and a policy of least-privilege.