Regulatory landscape beyond SOx 2306
-
Hi,
We have passed the second year of SOx audit and I am looking to use our risk and control framework to expand our risk management.
I am looking to clarify the regulatory landscape for IT, meaning that I want to create the mother of all policies for our company to enclose all rules and regulations we have to comply with (like SOx, but also privacy regulations, environment and so forth).
If you have any information to share with me on this topic, please let me know.
Regards, Ramon.
-
Hi Ramon:
There are so many regulatory control systems that exploring these and mapping all standards to create a ‘superset’ would be a major project. Here’s at least a short list that comes to mind in researching a project of this nature. Most folks will pick and choose only those standards that are applicable for their company, as too much of ‘a good thing’ may create significant bureaucracy and overhead:
- SOX with the corresponding COBIT/COSO control standards
- PCI/DSS (new card payment compliance system controls)
- ISO/IEC 27001 (audit control standards popular in Europe/Asia)
- SAS-70 security controls for service organizations
- HIPAA (privacy of medical records)
etc …
Some links found in research, copy to your browser:
http://en.wikipedia.org/wiki/Sarbanes-Oxley_Act
http://en.wikipedia.org/wiki/COSO
http://en.wikipedia.org/wiki/Cobit
http://en.wikipedia.org/wiki/ISO_27001
http://en.wikipedia.org/wiki/SAS-70
http://en.wikipedia.org/wiki/HIPPA
Other items to evaluate:
http://en.wikipedia.org/wiki/Cyber_security_standards
http://en.wikipedia.org/wiki/List_of_ISO_standards
http://en.wikipedia.org/wiki/Information_technology_audit_process