Regulatory Environment

Legislation requiring effective corporate governance and privacy protection is impacting organizations world-wide.

Sarbanes-Oxley

Requires that publicly traded companies comply with the proper reporting of financial information and control access to this information.

SAS 70

Allows service organizations to disclose their control activities and processes to their customers and their customers' auditors in a uniform reporting format.

HIPAA

The Health Insurance Portability and Accountability Act of 1996.

21CFR11

Electronic signature and system protection regulations by the FDA.

GLB

Applies to financial institutions and securities firms, aimed at protecting the privacy of customer data.

PIPEDA

The Canadian Personal Information Protection and Electronics Document Act.

2002/58/EC

European Union Privacy Protection Directive.

These regulations call for better internal controls and a policy of least-privilege.