
IT Compliance: Fulfilling Data Security and Records Management Requirements

In IT, compliance is the satisfaction or fulfillment of all of the IT regulatory requirements that apply to your organization.

Most IT regulations are related to data security and records management. The IT regulations that apply to the largest number of businesses include:

Payment Card Industry Data Security Standard (PCI DSS). The PCI DSS is developed and administered by the Payment Card Industry Security Standards Council, which is composed of representatives from all of the major payment card companies, including American Express, Discover, MasterCard, and Visa. Any organization that handles payment card data is required to satisfy the PCI DSS, which mandates the implementation of a number of data security measures to protect payment card data from unauthorized access (a complete version of the PCI DSS can be found here). All applicable organizations are required to validate their compliance with PCI DSS every year. Consequences of noncompliance include large fines and the possibility that banks will cut off your funding and your ability to process transactions.

Health Insurance Portability and Accountability Act (HIPAA). HIPAA is a federal law that was passed in 1996. One section of HIPAA requires any organization that handles patient data to ensure the privacy of this data by implementing a number of specific data security measures, including physical and electronic access controls (for example, using authentication/login systems to prevent non-employees from accessing your organization’s computer system), using encryption whenever you transmit patient data, and documenting all of your organization’s security policies. Each violation of HIPAA can result in up to $50,000 in fines.

Sarbanes-Oxley Act (SOX). Sarbanes-Oxley is a 2002 federal law that requires businesses to ensure the accuracy of their financial disclosures and records. One of its central provisions is requiring businesses to maintain all records related to a company’s financial standing for at least five years. Because “all records related to a company’s financial standing” can mean almost any kind of data, including all of a company’s emails, most of the businesses that SOX applies to maintain all of their data for at least five years with extensive data storage and backup systems. SOX also requires businesses to prevent their financial and recordkeeping systems from being compromised. Penalties for noncompliance with SOX include fines or up to 20 years’ imprisonment.

An IT hosting company like Iron Orbit can be a big help to businesses that need to comply with IT regulations like these, especially if you’re a small business with a minimal budget and little on-staff IT expertise. For one, the advanced IT setups of many hosting companies (which include security and disaster recovery measures such as antivirus, firewalls, encryption, intrusion detection and prevention systems, and data backup systems by default) already satisfy many of the requirements of these regulations. And if a hosting company needs to implement additional measures in order for your hosted solution to comply with a certain regulation, it has the experience and expertise to do so, usually more efficiently and effectively, and at a lower cost, than if you or your IT staff were to attempt to implement these measures yourselves.