Compliance with information security laws and contractual obligations can be daunting.
Turning to professionals who understand information security best practices helps reduce the chance of negligence.
Information security compliance is a broad topic and means different things to people, depending on what industries they work in and the scope of their customer and partners. For some, compliance just means PCI DSS. For others, it may mean compliance with privacy matters.
In 2008, Oregon introduced the first "real" data security law at the state level, the Oregon Consumer Identity Theft Protection Act (OCITPA). The following year, Massachusetts enacted a similar law that required businesses to have a Written Information Security Program (WISP). This law, Massachusetts' MA 201 CMR 17.00, was the last and more comprehensive state data protection law and we still get many clients who scramble to have compliance documentation in effect so that they can provide compliance with this law.
At ComplianceForge.com, we offer various solutions to help with your compliance needs, such as the Written Information Security Program (WISP), our ISO 27002-based Vendor Compliance Program (VCP) or our PCI DSS Information Security Policies and Standards.