Regulatory Compliance

Regulatory compliance is the act of ensuring that an organization follows the applicable laws or rules governing how it conducts its business.

Regulations typically require organizations to adhere to either general or industry specific mandates. For example, PCI DSS, which regulates handling of cardholder data, and DORA (Digital Operational Resilience Act), which regulates tha financial sector. Other regulations, like GDPR, apply to virtually all industries within a given geographic region. Compliance regulations can also vary considerably by their objectives — for example the protection and availability of critical national infrastructure with regulations such as the Swedish Protective Security Act (Säkerhetsskyddslagen).

An organization may also choose to self impose compliance requirements on itself to provide assurance to its customers and service users, using for example ISAE 3402, NIST CSF or ISO 27001.

The reason or motive to your organizations’ compliance requirements may vary. Regardless, Seadot Cybersecurity has extensive experience in compliance and can be of big help. Contact us and we can discuss.

DORA

The reliance in digital solutions and services in the financial sector is unquestionable. The European society in turn depends on the trust in the resilience of financial entities. DORA is the latest regulation of critical sectors specificly regulating ICT Risk Management within financial entities.

NIS2

In December 2020 a new NIS legislation – NIS2 – was proposed with measures for a high common level of cybersecurity across the European Union. What is NIS and what sectors and organisations does it affect?

 

EBA ICT

The European Banking Authority (EBA) published its draft guidelines on Information and Communication Technology (ICT) and security risk management in December 2018. When the finalized guidelines come into force the EBA will require all payment service providers (PSPs), credit institutions and investment firms to make every effort to comply with these guidelines.

ISO/IEC 27001

The ISO/IEC 27001/27002 standards provide a full-scale systematic approach to managing information security within your organisation. Although not a compulsory requirement, compliance or certification to the standard provides a set of best practices
and serves as a blueprint to a well-established management system for information security within your organisation.

Contact us!

Peter Tornberg
peter@seadot.se
+46 70 30 40 656