$7,900.00

Digital Security Program (DSP)

SKU: P02-DSP
Availability: Email Delivery Within 1-2 Business Days

Digital Security Program (DSP)

The DSP consists of thirty-two (32) policies. Nested within these policies are the control objectives, standards and guidelines that make your security program run. The structure of the Digital Security Program makes it easy to add or remove policy sections as your business needs change. The same concept applies to standards – you can simply add or remove content to meet your specific needs. The DSP addresses the “why?” and “what?” questions, since policies and standards form the foundation for your cybersecurity program. The DSP provides the underlying cybersecurity standards that must be in place, as stipulated by statutory, regulatory and contractual requirements. Just as Human Resources publishes an “employee handbook” to let employees know what is expected of them from an HR perspective, the DSP does this from a cybersecurity perspective.

Example Digital Security Program (DSP)

Our customers choose the Digital Security Program (DSP) because they need a scalable and comprehensive solution. The DSP is a hybrid, "best in class" approach to cybersecurity documentation that covers dozens of statutory, regulatory and contractual frameworks to create a comprehensive set of cybersecurity policies, standards, controls and metrics. The DSP has a 1-1 mapping relationship with the Secure Controls Framework (SCF) so it maps to over 100 leading practices! To understand the differences between the DSP and WISP, please visit here for more details.

Cost Savings Estimate - Digital Security Program (DSP)

When you look at the costs associated with either (1) hiring an external consultant to write cybersecurity documentation for you or (2) tasking your internal staff to write it, the cost comparisons paint a clear picture that buying from ComplianceForge is the logical option. Compared to hiring a consultant, you can save months of wait time and tens of thousands of dollars. Compared to writing your own documentation, you can potentially save hundreds of work hours and the associated cost of lost productivity. Purchasing the DSP from ComplianceForge offers these fundamental advantages when compared to the other options for obtaining quality cybersecurity documentation:

  • For your internal staff to generate comparable documentation, it would take them an estimated 675 internal staff work hours, which equates to a cost of approximately $50,625 in staff-related expenses. This is about 6-12 months of development time where your staff would be diverted from other work.
  • If you hire a consultant to generate this documentation, it would take them an estimated 375 consultant work hours, which equates to a cost of approximately $104,600. This is about 3-6 months of development time for a contractor to provide you with the deliverable.
  • The DSP is approximately 7% of the cost for a consultant or 16% of the cost of your internal staff to generate equivalent documentation.
  • We process most orders the same business day so you can potentially start working with the DSP the same day you place your order.

The process of writing cybersecurity documentation can take an internal team many months and it involves pulling your most senior and experienced cybersecurity experts away from operational duties to assist in the process, which is generally not the most efficient use of their time. In addition to the immense cost of hiring a cybersecurity consultant at $300/hr+ to write this documentation for you, the time to schedule a consultant, provide guidance and get the deliverable product can take months. Even when you bring in a consultant, this also requires involvement from your internal team for quality control and answering questions, so the impact is not limited to just the consultant's time being consumed. 

The Digital Security Program (DSP) is a product we developed for companies that need to comply with multiple requirements, but do not want to be locked into documentation that is formatted to conform with the taxonomy of ISO 27002 or NIST 800-53. Essentially, the DSP is a "best in class" approach to security documentation.

Our products are one-time purchases with no software to install - you are buying Microsoft Office-based documentation templates that you can edit for your specific needs. If you can use Microsoft Office or OpenOffice, you can use the DSP! While the DSP does come in Microsoft Word like the WISP, the included Excel version of the DSP comes with the following content so it is easy to import into a GRC solution (e.g., Ostendio's MyVCM, ZenGRC, RequirementONE, Archer, RSAM, MetricStream, ServiceNow, etc.):

  • Policy statements
  • Policy intent
  • Control objectives
  • Standards
  • Guidance
  • Controls (Secure Controls Framework & NIST Cybersecurity Framework)
  • Metrics - including suggested Key Performance Indicators (KPIs) & Key Risk Indicators (KRIs)
  • Indicators of Compromise (IoC)
  • Indicators of Exposure (IoE)
  • Target Audience Applicability
  • Scoping - Basic or Enhanced Requirement
  • Recommended roles / teams with responsibility for each standard (basically a RACI for key stakeholders).

Cybersecurity & Privacy Policies, Standards, Controls & Metrics For A Digital Company - Hierarchical & Scalable!

ComplianceForge provides businesses with exactly what they need to protect themselves - professionally written cybersecurity policies, control objectives, standards, controls, procedures and guidelines at a very affordable cost. Similar documentation standards can be found in Fortune 500 companies that have dedicated Governance, Risk & Compliance (GRC) staff. The Digital Security Program (DSP) is footnoted to provide authoritative references for the statutory, regulatory and contractual requirements that need to be addressed.

Before You "Can Move The Needle" You Need A Needle - Metrics Are Included In The DSP!

The DSP can serve as a foundational element in your organization's cybersecurity program. It can stand alone or be paired with other specialized products we offer.

In addition to being a hybrid model that is made up of leading security frameworks, we also added in features that are not available in the Written Information Security Program (WISP), namely mapped controls and metrics. This equates to a potential time savings of hundreds of hours, based on how much work goes into not only creating controls and worthwhile metrics, but mapping those back into your organization's policies and standards.

One special aspect of the DSP is that while it comes in Microsoft Word format, it also comes in Microsoft Excel so that it is easy to import into a GRC solution (e.g., Ostendio, ZenGRC, SimpleRisk, RequirementONE, Archer, RSAM, MetricStream, etc.)! This is an ideal solution for companies that either currently use a GRC solution or are exploring the use of one. The time savings can equate to a saving of tens of thousands of dollars in customizing "out of the box" documentation from these tools.

If you are interested in learning more, there is a product walk-through video and other helpful documentation, so keep reading or contact us so we can help answer your specific questions.

What Problem Does The DSP Solve?  

  • Lack of In House Security Experience - Writing security documentation is a skill that many good cybersecurity professionals simply are not proficient at and avoid the task at all cost. Tasking your security analysts and engineers to write comprehensive documentation means you are actively taking them away from protecting and defending your network, which is not a wise use of their time. The DSP is an efficient method to obtain comprehensive security policies, standards, controls and metrics for your organization!
  • Compliance Requirements - Nearly every organization, regardless of industry, is required to have formally-documented security policies and standards. Requirements range from PCI DSS to HIPAA to NIST 800-171. The DSP is designed with compliance in mind, since it focuses on leading security frameworks to address reasonably-expected security requirements.
  • Audit Failures - Security documentation does not age gracefully like a fine wine. Outdated documentation leads to gaps that expose organizations to audit failures and system compromises. The DSP's standards provide mapping to leading security frameworks to show you exactly what is required to both stay secure and compliant.
  • Vendor Requirements - It is very common for clients and partners to request evidence of a security program and this includes policies and standards. The DSP provides this evidence!

How Does the DSP Solve It?

  • Clear Documentation - The DSP provides comprehensive documentation to prove that your security program exists. This equates to a time saving of hundreds of hours and tens of thousands of dollars in staff and consultant expenses!
  • Time Savings - The DSP can provide your organization with a semi-customized solution that requires minimal resources to fine tune for your organization's specific needs. 
  • Alignment With Leading Practices - The DSP is written to support over two dozen leading frameworks! 

Creating A Cybersecurity Program Based On Multiple Leading Frameworks Is Achievable!

Our DSP covers the following leading frameworks and requirements. The DSP comes with an Excel spreadsheet that provides the mapping for the standards to these references:

  • NIST 800-53
  • NIST 800-171
  • NIST Cybersecurity Framework (CSF)
  • National Industrial Security Program Operating Manual (NISPOM)
  • Defense Federal Acquisition Regulation Supplement (DFARS 252.204-7012)          
  • Federal Acquisition Regulation (FAR 52.204-21)
  • Federal Risk and Authorization Management Program (FedRAMP)
  • Fair & Accurate Credit Transactions Act (FACTA)
  • Financial Industry Regulatory Authority (FINRA)
  • Federal Financial Institutions Examination Council (FFIEC)
  • ISO 27002
  • ISO 27018
  • Generally Accepted Privacy Principles (GAPP)
  • Payment Card Industry Data Security Standard (PCI DSS)
  • Control Objectives for Information and Related Technology (COBIT 5)    
  • Health Insurance Portability and Accountability Act (HIPAA)
  • Sarbanes Oxley Act (SOX)
  • Gramm Leach Bliley Act (GLBA)
  • NY DFS 23 NYCRR 500
  • Food & Drug Administration (FDA) 21 CFR Part 11
  • North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP)
  • American Institute of CPAs Service Organization Control (AICPA SOC2)
  • Center for Internet Security Critical Security Controls (CIS CSC)
  • Cloud Security Alliance Cloud Controls Matrix (CSA CCM)
  • European Union Agency for Network and Information Security (ENISA)
  • European Union General Data Protection Regulation (EU GDPR)
  • United Kingdom Data Protection Act (UK DPA)
  • Massachusetts 201 CMR 17.00
  • Oregon Identity Theft Protection Act (ORS 646A)

FAR MORE THAN JUST POLICIES & STANDARDS – THE DSP COMES WITH MAPPED CONTROLS AND METRICS

The DSP is a “best in class” hybrid that leverages numerous leading frameworks to create a comprehensive security program for your organization!

The DSP comes with policies, standards, controls and metrics! The DSP comes mapped to both the NIST Cybersecurity Framework (CSF) and the Center for Internet Security Critical Security Controls (CIS CSC) for the controls and metrics, so you can choose which controls and metrics are most applicable to your organization! We even further broke things down to provide recommended key controls, KPIs and KRIs!

DIGITAL SECURITY – THE EVOLUTION OF SECURITY

If you are reading this, you are likely familiar with how “IT Security,” “Information Security,” and “Cybersecurity” are used interchangeably by most people. However, these terms do have meaning and as you “peel back the onion” on terminology you will see that “Digital Security” is the new leading terminology to describe the entire security ecosystem. This term has evolved to be all-encompassing, since it addresses technology, information, physical security, privacy and safety.

SAFETY COMPONENT – ONE BENEFIT OF THINKING DIGITAL

For years, the “CIA Triad” stood as the foundation for what a security program was designed to address – the Confidentiality, Integrity and Availability of both systems and data. That has now changed, since there are real-world safety considerations from Operational Technology (OT) and the Internet of Things (IoT). This has caused the evolution of the CIA Triad into the Confidentiality, Integrity, Availability and Safety (CIAS) model.

The DSP is designed around the CIAS model by adopting the best of leading security frameworks.

IMPORT-READY FOR GRC TOOLS – THE DSP COMES IN BOTH MICROSOFT WORD AND EXCEL FORMATS

The DSP is ready to import into your Governance, Risk & Compliance (GRC) solution, since it comes in both Microsoft Word and Excel formats. This makes the import from Excel easy. For many GRC tools, this provides you the ability to perform your customization and collaboration directly from your GRC portal.

If you do not currently have a GRC tool, but want to deploy the DSP from a user-friendly internal website, we can help with that. We offer a fixed-price service to convert the DSP into an internal website using GRAV, a Content Management System (CMS). If that interests you, please contact us at support@compianceforge.com and we can provide you with more details on that option.

STEPS TO USING THE DIGITAL SECURITY PROGRAM (DSP) TO OBTAIN CMM4 (PREDICTABLE) MATURITY

It is a simple fact that technology and cybersecurity departments are not revenue-generating. These cost centers must continuously demonstrate value to justify current and future budgets. While many boards of directors and executive management provide initial security budget funding based on Fear, Uncertainty & Doubt (FUD), there is an eventual need to demonstrate a Security Return on Investment (SROI). Without this return on investment, budgets are hard to justify and capabilities suffer.

The most common way for a security program to justify budget needs is through metrics reporting. Arguably, COBIT 5’s Process Assessment Model (PAM) is the industry-leading model for measuring process maturity. COBIT 5’s model is based on the well-known ISO 15504-2:2003 Capability Maturity Model (CMM) that uses six levels to describe maturity.

We avoided re-inventing the wheel and simply created an enterprise-class product that can help your organization rapidly advance its capability maturity to a CMM 4 level. The DSP can help your organization rapidly advance to CMM4!

While nearly all organizations have “security policies” in place, it is a sad reality that many are outdated, improperly scoped, and inadvertently add to technical debt. Quite simply, most security policies were never designed to scale as the organization grows or technologies evolve and are more of a liability than benefit. If that is your organization, the DSP can be a “quick win” to dramatically advance the maturity of your security program.

The DSP is a different animal – it is built to scale and adapt to the needs of the organization. The modular nature of the DSP means that each policy has its own standards, all the way down to controls and metrics. This hierarchical nature makes mapping metrics to policies a breeze, due to the logical organization of the documentation.

 


DUE CARE & DUE DILIGENCE – JUMP START YOUR RACI FOR “OWNERSHIP” OF STANDARDS

We went the extra mile to help create a basic RACI-type mapping that identifies not only the target audiences but also the key stakeholders for each standard. It is all customizable, since it is Excel, but it enables you to hit the ground running.


“GOLDILOCKS” CONTROLS – NOT TOO BIG AND NOT TOO SMALL. JUST RIGHT.

The DSP uses the NIST Cybersecurity Framework (CSF) version 1.1 for its control set, so the controls are aligned with a leading framework for expected security controls. Key controls are identified from this control set and metrics are mapped to these controls. Again, since it is Excel, it is editable for your needs.


ACCELERATING YOUR BUSINESS – MAPPING STANDARDS TO LEADING FRAMEWORKS

The DSP maps twenty-four (24) leading frameworks! This includes the most common statutory, regulatory and contractual requirements that are expected from a security program.


ACCELERATING YOUR BUSINESS – MAPPING CONTROLS TO METRICS, KPIS AND KRIS

Metrics are the bane of many cybersecurity professionals’ existence. Unfortunately, this is due in large part to poor program-level documentation. Without alignment with leading frameworks (e.g., NIST Cybersecurity Framework, CIS Critical Security Controls, ISO 27002, etc.), it is unlikely that an organization’s management will know the correct questions to ask when measuring performance. That is why the tired and generally useless metric of “how many port scans the firewall blocked” still exists in many companies. We want to help change that with the DSP!

The DSP provides you with usable metrics to prove the status of the controls, which in turn allows you to report on the health of your overall security program.


Hierarchical Approach - Built To Scale & Evolve With Your Business 

Our experience has proven that when it comes to Information Security policies, a standard is a standard for a reason. With that in mind, our Written Information Security Program (DSP) is based on industry-recognized best practices and Information Security standards so that you can meet your legal requirements. Unlike some competitor sites that offer “Bronze, Silver or Gold” packages that may leave you critically exposed, we offer a comprehensive Information Security solution to meet your specific compliance requirements. Why is this? It is simple - in the real world, compliance is penalty-centric. Courts have established a track record of punishing businesses for failing to perform “reasonably expected” steps to meet compliance with known standards. 

The Written Information Security Program (DSP) follows a hierarchical approach to how the structure is designed so that standards map to control objectives and control objectives map to policies. This allows for the standards to be logically grouped to support the policies.

Policies are “high level” statements of management’s intent and are intended to guide decisions to achieve rational outcomes. Policies are not meant to be prescriptive, but provide an overall direction for the organization.

Control Objectives support policy by identifying applicable requirements that the organization needs to address. These applicable requirements can be best practices, laws or other legal obligations.

Standards establish formal requirements in regards to processes, actions and configurations. Standards are entirely focused on providing narrowly-focused, prescriptive requirements that are quantifiable.

Procedures are formal methods of performing a task, based on a series of actions conducted in a defined and repeatable manner.

Controls are technical or administrative safeguards that may prevent, detect or lessen the ability of the threat actor to exploit a vulnerability.

Metrics are designed to facilitate decision-making, improve performance, and improve accountability through the collection, analysis, and reporting of relevant performance-related data.

 

NIST 800-171 Compliance Concerns?

Does your company need to comply with NIST 800-171 requirements for MODERATE baseline controls from NIST 800-53 rev4? The Digital Security Program (DSP) can help your organization become compliant with NIST 800-171 requirements, since NIST 800-53 rev4 MODERATE baseline controls are included in the mapping. Additionally, you will want to take a look at our NIST 800-171 Compliance Criteria (NCC) product, since it contains practical guidance on how to comply with NIST 800-171 requirements. This supports the NIST-based DSP.


Which Product Is Right For You? 

Our documentation is meant to address your requirements from strategic concepts all the way down to day-to-day deliverables you need to demonstrate compliance with common statutory, regulatory and contractual obligations. We offer up to 40% discounts on our documentation bundles, so please be aware that you can benefit from significant savings by bundling the documentation you need. You can see the available bundles here.

 


We are here to help make comprehensive cybersecurity documentation as easy and as affordable as possible. We serve businesses of all sizes, from the Fortune 500 all the way down to small businesses, since our cybersecurity documentation products are designed to scale for organizations of any size or level of complexity. Our affordable solutions range from cybersecurity policies & standards documentation, to NIST 800-171 compliance checklists, to program-level documentation, such as "turn key" incident response, risk management or vulnerability management program documents. Our focus is on helping you become audit ready!

 


Juggling Multiple Requirements? We Can Help 

The DSP currently maps to nearly 100 frameworks, including mapped coverage of the following cybersecurity and privacy-related statutory, regulatory and contractual frameworks:

Geography | Source | Authoritative Source - Statutory / Regulatory / Contractual / Industry Framework | Version
Universal | AICPA | Generally Accepted Privacy Principles (GAPP) | N/A
Universal | AICPA | Service Organization Control - Trust Services Criteria (TSC) - SOC2 | 2016
Universal | AICPA | Service Organization Control - Trust Services Criteria (TSC) - SOC2 | 2017
Universal | CIS | Critical Security Controls (CSC) | 6.1
Universal | CIS | Critical Security Controls (CSC) | 7.1
Universal | COSO | Committee of Sponsoring Organizations (COSO) 2013 Framework | 2013
Universal | COSO | Committee of Sponsoring Organizations (COSO) 2017 Framework | 2017
Universal | CSA | Cloud Controls Matrix (CCM) | 3.0.1
Universal | EU | European Union Agency for Network and Information Security (ENISA) | 2.0
Universal | ISACA | Control Objectives for Information and Related Technologies (COBIT) | 5
Universal | ISACA | Control Objectives for Information and Related Technologies (COBIT) | 2019
Universal | ISO | 27001 - Information Security Management Systems (ISMS) - Requirements | 2013
Universal | ISO | 27002 - Code of Practice for Information Security Controls | 2013
Universal | ISO | 27018 - Code of Practice for PI in Public Clouds Acting as PI Processors | 2014
Universal | ISO | 29100 - Privacy Framework | 2011
Universal | ISO | 31000 - Risk Management | 2009
Universal | ISO | 31010 - Risk Assessment Techniques | 2009
Universal | MPAA | MPAA Content Security Best Practices Common Guidelines | 4.04
Universal | NAIC | Insurance Data Security Model Law (MDL-668) | N/A
Universal | NIST | SP 800-37 - Guide for Applying the RMF to Federal Information Systems rev1 | 1
Universal | NIST | SP 800-37 - Guide for Applying the RMF to Federal Information Systems rev2 | 2
Universal | NIST | SP 800-39 - Managing Information Security Risk | N/A
Universal | NIST | SP 800-53 - Security and Privacy Controls for Information Systems and Organizations | 4
Universal | NIST | SP 800-53 - Security and Privacy Controls for Information Systems and Organizations | 5 (draft)
Universal | NIST | SP 800-160 - Systems Security Engineering | N/A
Universal | NIST | SP 800-171 - Protecting CUI in Nonfederal Systems and Organizations | 1
Universal | NIST | Cybersecurity Framework (CSF) | 1.1 (Apr 19)
Universal | OWASP | Top 10 Most Critical Web Application Security Risks | 2017
Universal | PCI SSC | Payment Card Industry Data Security Standard (PCI DSS) | 3.2
Universal | SWIFT | SWIFT Customer Security Controls Framework | 2019
Universal | UL | 2900-1 - Software Cybersecurity for Network-Connectable Products | N/A
US | Federal | US DOJ / FBI - Criminal Justice Information Services (CJIS) Security Policy | N/A
US | Federal | Children's Online Privacy Protection Act (COPPA) | N/A
US | Federal | Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7008 | 252.204-7008
US | Federal | Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012 | 252.204-7012
US | Federal | Fair & Accurate Credit Transactions Act (FACTA) / Fair Credit Reporting Act (FCRA) | N/A
US | Federal | Family Educational Rights and Privacy Act (FERPA) | N/A
US | Federal | Federal Acquisition Regulation (FAR) | 52.204-21
US | Federal | Federal Financial Institutions Examination Council (FFIEC) | N/A
US | Federal | Federal Risk and Authorization Management Program (FedRAMP) | Moderate
US | Federal | Financial Industry Regulatory Authority (FINRA) | N/A
US | Federal | Food & Drug Administration (FDA) | 21 CFR Part 11
US | Federal | Federal Trade Commission (FTC) Act | N/A
US | Federal | Gramm Leach Bliley Act (GLBA) | N/A
US | Federal | Health Industry Cybersecurity Practices (HICP) - Small / Medium / Large Practice | N/A
US | Federal | Health Insurance Portability and Accountability Act (HIPAA) | N/A
US | Federal | Internal Revenue Service (IRS) 1075 | N/A
US | Federal | National Industrial Security Program Operating Manual (NISPOM) | N/A
US | Federal | North American Electric Reliability Corporation Critical Infrastructure Protection (NERC CIP) | N/A
US | Federal | Privacy Shield | N/A
US | Federal | Sarbanes Oxley Act (SOX) | N/A
US | Federal | Social Security Administration (SSA) Electronic Information Exchange Security Requirements | 8.0
US | State | AK - Alaska Personal Information Protection Act (PIPA) | N/A
US | State | CA - SB327 | N/A
US | State | CA - SB1121 - California Consumer Privacy Act (CCPA) | 43405
US | State | CA - SB1386 | N/A
US | State | MA - 201 CMR 17.00 | N/A
US | State | NY - NY DFS 23NYCRR500 | N/A
US | State | NV - SB220 | N/A
US | State | OR - ORS 646A | N/A
US | State | SC - South Carolina Insurance Data Security Act | N/A
US | State | TX - BC521 | N/A
US | State | TX - Cybersecurity Act | N/A
US | State | TX - 2019 - SB820 | N/A
EMEA | EU | ePrivacy Directive | draft
EMEA | EU | General Data Protection Regulation (GDPR) | N/A
EMEA | EU | Second Payment Services Directive (PSD2) | N/A
EMEA | Austria | Federal Act concerning the Protection of Personal Data (DSG 2000) | N/A
EMEA | Belgium | Act of 8 December 1992 | N/A
EMEA | Czech Republic | Act No. 101/2000 on the Protection of Personal Data | N/A
EMEA | Denmark | Act on Processing of Personal Data (Act No. 429 of May 31, 2000) | N/A
EMEA | Finland | Personal Data Act (986/2000) | N/A
EMEA | France | 78 17 / 2004 8021 - Information Technology, Data Files & Civil Liberty | N/A
EMEA | Germany | Cloud Computing Compliance Controls Catalogue (C5) | N/A
EMEA | Germany | Federal Data Protection Act | N/A
EMEA | Greece | Protection of Individuals with Regard to the Processing of Personal Data (2472/1997) | N/A
EMEA | Hungary | Informational Self-Determination and Freedom of Information (Act CXII of 2011) | N/A
EMEA | Ireland | Data Protection Act (2003) | N/A
EMEA | Israel | Cybersecurity Methodology for an Organization | 1.0
EMEA | Israel | Protection of Privacy Law, 5741 – 1981 | N/A
EMEA | Italy | Personal Data Protection Code | N/A
EMEA | Luxembourg | Protection of Persons with Regard to the Processing of Personal Data | N/A
EMEA | Netherlands | Personal Data Protection Act | N/A
EMEA | Norway | Personal Data Act | N/A
EMEA | Poland | Act of 29 August 1997 on the Protection of Personal Data | N/A
EMEA | Portugal | Act on the Protection of Personal Data | N/A
EMEA | Russia | Federal Law of 27 July 2006 N 152-FZ | N/A
EMEA | Russia | Russian Labor Code | N/A
EMEA | Slovak Republic | Protection of Personal Data (122/2013) | N/A
EMEA | South Africa | Protection of Personal Information Act (POPIA) | N/A
EMEA | Spain | Royal Decree 1720/2007 (protection of personal data) | N/A
EMEA | Sweden | Personal Data Act | N/A
EMEA | Switzerland | Federal Act on Data Protection (FADP) | N/A
EMEA | Turkey | Regulation on Protection of Personal Data in Electronic Communications Sector | N/A
EMEA | UAE | Data Protection Law No. 1 of 2007 | N/A
EMEA | United Kingdom | Data Protection Act | N/A
APAC | Australia | Privacy Act of 1998 | N/A
APAC | Australia | Australian Government Information Security Manual (ISM) | 2017
APAC | China | Decision on Strengthening Network Information Protection | N/A
APAC | Hong Kong | Personal Data Ordinance | N/A
APAC | India | Information Technology Rules (Privacy Rules) | N/A
APAC | Indonesia | Government Regulation No. 82 of 2012 | N/A
APAC | Japan | Act of the Protection of Personal Information | N/A
APAC | Malaysia | Personal Data Protection Act of 2010 | N/A
APAC | New Zealand | Privacy Act of 1993 | N/A
APAC | New Zealand | New Zealand Information Security Manual (NZISM) | N/A
APAC | Philippines | Data Privacy Act of 2012 | N/A
APAC | Singapore | Personal Data Protection Act of 2012 | N/A
APAC | Singapore | Monetary Authority of Singapore (MAS) Technology Risk Management (TRM) Guidelines | N/A
APAC | South Korea | Personal Information Protection Act | N/A
APAC | Taiwan | Personal Data Protection Act | N/A
Americas | Argentina | Protection of Personal Law No. 25,326 | N/A
Americas | Argentina | Protection of Personal Data - MEN-2018-147-APN-PTE | N/A
Americas | Bahamas | Data Protection Act | N/A
Americas | Brazil | General Data Protection Law (LGPD) | N/A
Americas | Canada | Personal Information Protection and Electronic Documents Act (PIPEDA) | N/A
Americas | Chile | Act 19628 - Protection of Personal Data | N/A
Americas | Colombia | Law 1581 of 2012 | N/A
Americas | Costa Rica | Protection of the Person in the Processing of His Personal Data | N/A
Americas | Mexico | Federal Law on Protection of Personal Data held by Private Parties | N/A
Americas | Peru | Personal Data Protection Law | N/A
Americas | Uruguay | Law No. 18,331 - Protection of Personal Data and Action "Habeas Data" | N/A

Reviews

  • 1. Outstanding quality 5

    No one else is doing this. Does it for the most popular Frameworks. Highly recommended. Prompt service and customer support. Thorough and systematic subject treatment. Links to Standards, Baselines and Controls.

    - TJ on Jun 6th 2019
  • 2. Big help 5

    Recently purchased DSP and supplemental documentation and very satisfied with the contents.

    - Andre Cruel on Nov 20th 2017
