Most common regulations and IT security compliance standards
The information security policy should reference regulations and compliance standards that impact the organization, such as:
- General Data Protection Regulation (GDPR)
- California Consumer Privacy Act (CCPA)
- Payment Card Industry Data Security Standard (PCI DSS)
- Sarbanes-Oxley Act (SOX)
- Health Insurance Portability and Accountability Act (HIPAA)
- ISO 27000
- NIS2