Regulatory landscape beyond SOX
Ramonb5
We have passed our second year of SOX audit and I am looking to use our risk and control framework to expand our risk management.
I am looking to clarify the regulatory landscape for IT, meaning that I want to create the mother of all policies for our company that encloses all rules and regulations we have to comply with (like SOX, but also privacy regulations, environmental regulations and so forth).
If you have any information to share with me on this topic, please let me know.
harrywaldron
There are so many regulatory control systems that exploring these and mapping all standards to create a ‘superset’ would be a major project. Here’s at least a short list that comes to mind when researching a project of this nature. Most folks will pick and choose only those standards that are applicable to their company, as too much of ‘a good thing’ may create significant bureaucracy and overhead:
- SOX with the corresponding COBIT/COSO control standards
- PCI DSS (new card payment compliance system controls)
- ISO/IEC 27001 (audit control standards popular in Europe/Asia)
- SAS 70 security controls for service organizations
- HIPAA (privacy of medical records)