Main regulations affecting information security - European Union

GLOBAL: universal regulations or standards, applicable to entities worldwide.

Who's impacted: entities to which the standards or regulations apply.

GLOBAL
Risk Management	Who's impacted?
Basel II The aim of this regulation is to better align bank capital requirements with underlying risks. Banks are required to monitor, mitigate and disclose risk. http://www.bis.org/publ/bcbsca.htm	Global financial services organizations International banks with assets greater than $250 billion or foreign exposures greater than $10 billion.
Payment Card Industry (PCI) Data Security Standard The aim of this standard is to provide a single set of security requirements to be used by all payment organizations. Merchants and service providers should use the standard to assess their security status. https://www.pcisecuritystandards.org/	All members, merchants, and service providers that store, process, or transmit cardholder data.

GLOBAL

Risk Management

Who's impacted?

Basel II

The aim of this regulation is to better align bank capital requirements with underlying risks. Banks are required to monitor, mitigate and disclose risk.

http://www.bis.org/publ/bcbsca.htm

Global financial services organizations
International banks with assets greater than $250 billion or foreign exposures greater than $10 billion.

Payment Card Industry (PCI) Data Security Standard

The aim of this standard is to provide a single set of security requirements to be used by all payment organizations. Merchants and service providers should use the standard to assess their security status.

https://www.pcisecuritystandards.org/

All members, merchants, and service providers that store, process, or transmit cardholder data.

EUROPEAN UNION
Privacy	Who's impacted?
EU Data Protection Directive (EU DPD) This directive covers the processing of personal data, including automatically-processed data and manual data in a filing system. Organizations must implement appropriate measures to protect personal data against unauthorized access, accidental or unlawful destruction, accidental loss, alteration or unauthorized disclosure. The US Safe Harbor Arrangement is a streamlined process for US companies to comply with the Directive. http://www.cdt.org/privacy/eudirective/EU_Directive_.html	Directive applies to member countries and other countries that do business with them.
EC Privacy and Electronic Communication Regulations (EC Directive) - 2003 This directive protects the public from electronic marketing practices that cause nuisance, offence and invasion of privacy. It calls for secure measures to be put in place to ensure that electronic marketing records are both available and correct. Electronic service providers are required to maintain system and network uptime as well as implement security measures to protect customer data. http://europa.eu.int/comm/justice_home/fsj/privacy/law/index_en.htm	Organizations that use email marketing Telecom companies and ISPs must implement additional security technologies and practices to safeguard their services.
Information Integrity
EU Annex 11, Computerized Systems The main aim of this regulation is to ensure that "records are accurately made and protected against loss or damage or unauthorized alteration so that there is a clear and accurate audit trail throughout the manufacturing process". http://www.labcompliance.com/documents/europe/h-213-eu-gmp-annex11.pdf	Pharmaceutical manufacturers using computerized systems.

Volver Arriba