Companies in highly regulated industries, such as financial services and healthcare, must comply with numerous regulations, including PCI DSS, SOX, GLBA, HIPAA and HITECH, and many others. These regulations offer specific guidance on handling personal information and cloud compliance for sensitive data, and companies are bound to ensure that their information security policies and IT systems comply with the guidelines. Perspecsys’ solution can help organizations meet their regulatory standards while benefiting from the use of cloud applications.
Examples of industry regulations that encompass information related to cloud compliance standards include:
PCI Data Security Standards (PCI DSS) are technical and operational requirements set by the PCI Security Standards Council (PCI SSC) to protect cardholder data. The Council is responsible for managing the security standards, while the payment card brands enforce compliance in the cloud. The standards apply to all organizations that store, process or transmit cardholder data – with guidance for software developers and manufacturers of applications and devices used in those transactions.
The federal Health Insurance Portability and Accountability Act (HIPAA) requires healthcare organizations to maintain the confidentiality of electronic health information that can be linked to an individual patient (electronic Protected Health Information, or ePHI). Penalties and criminal enforcement of the HIPAA Security Rules were made stronger via several provisions in the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009. The HIPAA Security Rules require healthcare organizations to adopt the appropriate safeguards to protect the confidentiality, integrity and availability of patients’ protected health information.
The FBI’s Criminal Justice Information System (CJIS) is responsible for providing many critical pieces of data that criminal justice organizations and contractors need to conduct business every day, including fingerprint records, sex offender registries and criminal histories. There are understandably strict regulations and standards for anyone accessing CJIS data, and these apply to any cloud application provider or vendor providing products or services related to this data.
The Gramm-Leach-Bliley Act (GLBA) requires financial institutions to establish standards for protecting the security and confidentiality of their customers’ non-public personal information.
In the U.S., requirements for personal information protection extend to the education field and student personal information. The Family Educational Rights & Privacy Act of 1974 (FERPA) is a federal law that gives students access to their education records, the ability to seek to have the records amended, and control over the release of the information to third parties. With some exceptions, schools must have a student’s consent prior to disclosure of personal data including grades, enrollment status, and billing information. The law applies to educational agencies and institutions that receive funding from the U.S. Department of Education.
“We are not tokenizing just one or two fields for credit cards, we tokenize anything and everything. We won’t send any client-related information outside of our firewalls. PerspecSys gives us peace of mind and enables us to take advantage of the cloud offerings that require us to have data outside the firewall.” - Top 5 Global Bank

“If the encryption vendor offers options for ‘function preserving encryption’ – for example, to preserve sort – regulations may require the use of standardized and approved algorithms or proof of independent certification for the potentially weakened encryption.” - Analyst