Mapping your regulatory requirements against a cybersecurity framework.

In today's global market, regulatory compliance no longer exists at a single level. With the absence of data borders, regulatory compliance has expanded to include all the various industry regulators that you may have (e.g. SEC, HIPAA), as well as state breach notification laws and privacy regulations.

It's crucial that you build a cybersecurity framework that includes and maps out all of your regulatory obligations. Mapping your requirements can be confusing, however, which is why many of our clients work closely with a cybersecurity advisory professional to help them understand those obligations, the assets they have under management and how they can adequately protect their clients' privacy. 

In this video, Industry Security Strategist Mark Sangster illustrates the “global regulatory layer cake” and suggests working with a cybersecurity advisory professional to build a cybersecurity framework that accounts for all your regulatory obligations.

 
Transcript:

You have to consider what I would call the global regulatory layer cake. At the center is you and your organization. The next ring out of course is all of the various industry regulators that you may have like the SEC in finance or HIPAA for healthcare. Above that, you're going to have state breach notification laws. And then above that, you have what I call the super layer of things like privacy regulations like the GDPR in Europe. Regardless of whether or not you are actually headquartered in Europe, if you have affiliates, clients, data, or a resident there, you are governed by GDPR.

A cybersecurity framework is the best way to map to this myriad of regulatory obligations. It's crucial that you build a cybersecurity framework that ensures that you mapped all of your regulatory obligations. It's a very convoluted mapping, and that's why many of our clients are now working hand-in-hand with a cybersecurity advisory professional to help them do that, to understand those obligations, understand the assets that they have under management, and how they adequately protect their clients' privacy.
