There are so many acronyms that float around when you’re talking about security policy compliance. It can get overwhelming to think about all these mysterious jumbles of letters, and your security might be compromised if you’re too confused. What do these acronyms mean, and how do they apply to your business? Check out the quick guide below.
HIPAA
HIPAA, or Health Insurance Portability and Accountability Act, applies to every company that deals with private medical information. This includes doctor offices, insurances, and pharmacies. HIPAA requires your business to keep all medical information of patients securely encrypted and away from unauthorized access. This act goes beyond computer system compliance and requires your staff to know what they are legally allowed to say to patients and customers. There are substantial fines for violating HIPAA, so make sure you know what you’re doing.
PCI DSS
PCI DSS stands for the Payment Card Industry Data Security Standard and is commonly referred to as PCI. You need this if your business deals with credit cards in any way. The standards require you to make sure customer payment data is encrypted and securely stored on all electronic systems. PCI is not a legal requirement, but it’s still vital that all businesses accepting credit cards comply. If you do not, you risk losing the ability to accept credit cards at all—which can mean the end of a business in today’s mostly cashless society.
SOX
SOX is the Sarbanes-Oxley Act and is necessary for all public companies. The act provides guidelines for how long records for these businesses must be stored. The act also required these public companies establish internal guidelines for financial records and internal procedures, and follow these guidelines. Noncompliance with SOX can lead to fines for your business, as well as potential prison time for C-level executives.
GLBA
GLBA stands for the Gramm-Leach-Bliley Act, which provides guidelines for storing financial customers’ information. Businesses that work with financial services must comply with this by ensuring security and privacy of all information. Compliance also includes creating a security plan for the company to follow. If your company does not comply, hefty fines or prison time are potential outcomes.
Make sure your company is compliant with all necessary acts and guidelines. Ezentria is here to help you audit your information security and make sure you’re doing what you need to do.