

    Security Compliance

    What is Security Compliance?

    Security compliance means meeting a defined set of standards, regulations or best practices that protect the data an organisation holds (customer data in particular) and keep its exposure to cyber attacks to a minimum. Some of these requirements are legally mandatory, such as GDPR or CCPA, and businesses that fail to meet them may face regulatory fines or other penalties.

    Many other areas of security compliance are about demonstrating adherence to best practice rather than to law. Customers often require proof that a supplier meets a recognised standard before doing business with it; a SOC 2 report from a third-party SaaS provider is a common example.

    What are the Types of Security Compliance?

    Which security compliance frameworks apply to a company depends largely on the kinds of data and assets it handles and the industry it operates in.

    General Security Frameworks that apply broadly across industries include:

    • ISO/IEC 27001, the international standard for information security management systems, is widely regarded as best in class and can be independently certified against
    • NIST frameworks (such as the Cybersecurity Framework and SP 800-53) are voluntary for most private-sector organisations but are treated as the benchmark for best practice; US federal agencies and many of their contractors are required to follow them
    • GDPR compliance is mandatory for any organisation that processes the personal data of people in the EU, wherever the organisation is based, and breaches can draw fines of up to 4% of global annual turnover or €20 million, whichever is higher
    • CCPA compliance is mandatory for businesses above certain size or data-volume thresholds that handle the personal information of California residents, and violations carry civil penalties
    • FTC enforcement rests on Section 5 of the FTC Act, which prohibits unfair or deceptive practices; the FTC takes action against companies whose security and privacy practices fall short of what their published privacy policies promise

    Financial and Payments Security Compliance:

    • PCI DSS compliance applies to every organisation that stores, processes or transmits payment card data, which includes merchants and service providers as well as payment processors
    • FACTA compliance protects consumer credit information, for example by requiring secure disposal of consumer report data and programmes to detect identity-theft red flags
    • SOC 2 is an AICPA attestation report in which an independent auditor assesses a service organisation's controls against the Trust Services Criteria (security, availability, processing integrity, confidentiality and privacy); customers commonly require it of third-party SaaS providers, whether or not financial data is involved

    Personal privacy and healthcare-related security compliance:

    • HIPAA compliance is around the protection of individually identifiable health information (protected health information, or PHI); its Security Rule sets administrative, physical and technical safeguards for PHI held electronically
    • HITECH compliance builds on HIPAA: it promoted the adoption of electronic health records, extended HIPAA's obligations directly to business associates, and strengthened breach-notification and enforcement provisions

    Manufacturing and infrastructure related security compliance: