Compliance
Compliance with corporate, government and industry standards and regulations is critical to meet business goals, reduce risk, maintain trust and avoid fines. Get advice on audit planning and management; laws, standards and regulations; and how to comply with GDPR, PCI DSS, HIPAA and more.
Top Stories
-
News
03 Jun 2026
Lost in translation: Cybersecurity board reporting for CISOs
Cybersecurity board reports don't always land. At the Security and Risk Management Summit 2026, Gartner analysts suggested a novel way to communicate cyber-risk to corporate directors.
By Richard Livingston, Site Editor
-
Opinion
02 Jun 2026
How to prepare security controls for future AI regulations
With so many competing compliance requirements related to AI, how could any CISO comply with all of them? Learn how to reconcile your AI strategy with the regulatory landscape.
-
Tip
09 Sep 2009
Does using ISO 27000 to comply with PCI DSS make for better security?
PCI DSS has been criticized for not going far enough to secure cardholder data. Using ISO 27000 to complement PCI DSS may deliver both better compliance and better security.
By Mathieu Gorge, VigiTrust
-
Tip
24 Aug 2009
PCI DSS compliance requires new vendor management strategy
PCI DSS Requirement 12.8, which covers service providers that handle cardholder data on your behalf, calls for a more rigorous vendor management strategy.
By Andrew M. Baer, Contributor
-
Podcast
17 Jun 2009
Business model risk is a key part of your risk management strategy
Management consultants Amit Sen and John Vaughan discuss business model risk, a way to apply risk management policies to new or changed business processes.
-
Tip
15 Jun 2009
How to mitigate operational, compliance risk of outsourcing services
Companies need a method for evaluating partner risk that considers the risk of the outsourced service, the risk of the provider itself, and the adequacy of the provider's security practices.
-
Blog Post
19 Mar 2009
How do you align an IT risk assessment with COBIT controls?
One of our readers, compliance officer Ramon de Bruijn, wrote to the editors of SearchCompliance.com at [email protected] last month looking for some advice. Specifically, he asked "What ...
Answer
11 Mar 2009
How to avoid HIPAA Social Security number compliance violations
It can be difficult to decipher what a HIPAA Social Security number violation is. In this information security management expert response, David Mortman explains how to avoid HIPAA SSN violations as an employer.
By David Mortman, Dell
-
Tip
05 Feb 2009
What controls can compensate when segregation of duties isn't economically feasible?
When segregation of duties isn't possible, a strong log management capability is a good compensating control to start with. Mike Rothman explains.
By Mike Rothman, Securosis
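The log-management compensating control described in that tip, as an added example that is not from the article or from Securosis: a small detector that reads an application change-audit log and flags changes where one account both requested and approved (or requested and deployed) the change, plus deployments with no approval record at all. The JSON Lines log format, the field names, the action vocabulary and every actor and change identifier are assumptions made for this example; the sample log is constructed, and a deliberately malformed line is included to show that gaps in the audit trail are reported rather than silently dropped.

```python
import json
from collections import defaultdict

# Constructed sample audit log in JSON Lines form. The field names
# (ts, actor, action, change_id), the action vocabulary and every
# actor/change identifier are assumptions made for this example.
SAMPLE_LOG = """\
{"ts":"2009-02-05T09:00:01Z","actor":"alice","action":"change.requested","change_id":"CHG-100"}
{"ts":"2009-02-05T09:05:12Z","actor":"bob","action":"change.approved","change_id":"CHG-100"}
{"ts":"2009-02-05T09:20:00Z","actor":"bob","action":"change.deployed","change_id":"CHG-100"}
{"ts":"2009-02-05T10:10:00Z","actor":"carol","action":"change.requested","change_id":"CHG-101"}
{"ts":"2009-02-05T10:11:30Z","actor":"carol","action":"change.approved","change_id":"CHG-101"}
{"ts":"2009-02-05T11:00:00Z","actor":"dave","action":"change.requested","change_id":"CHG-102"}
{"ts":"2009-02-05T11:30:00Z","actor":"dave","action":"change.deployed","change_id":"CHG-102"}
this line is not JSON and must be reported rather than silently dropped
"""

# Action pairs that one person must not perform on the same change:
# whoever requests (develops) a change must neither approve nor deploy it.
CONFLICTING_PAIRS = (
    ("change.requested", "change.approved"),
    ("change.requested", "change.deployed"),
)
REQUIRED_FIELDS = ("actor", "action", "change_id")


def parse_log(text):
    """Parse JSON Lines audit records. Returns (events, bad_line_numbers).

    Unparseable or incomplete lines are counted rather than discarded: a gap
    in the audit trail undermines the compensating control and is a finding
    in its own right.
    """
    events, bad = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except json.JSONDecodeError:
            bad.append(lineno)
            continue
        if not isinstance(ev, dict) or any(k not in ev for k in REQUIRED_FIELDS):
            bad.append(lineno)
            continue
        events.append(ev)
    return events, bad


def _actors_by_change(events):
    """Map change_id -> action -> set of actors who performed that action."""
    index = defaultdict(lambda: defaultdict(set))
    for ev in events:
        index[ev["change_id"]][ev["action"]].add(ev["actor"])
    return index


def find_sod_violations(events, pairs=CONFLICTING_PAIRS):
    """Return (change_id, actor, action_a, action_b) for every case where the
    same actor performed two conflicting actions on one change."""
    index = _actors_by_change(events)
    violations = []
    for change_id in sorted(index):
        actions = index[change_id]
        for a, b in pairs:
            for actor in sorted(actions.get(a, set()) & actions.get(b, set())):
                violations.append((change_id, actor, a, b))
    return violations


def find_unapproved_deployments(events):
    """Return change_ids that were deployed without any approval record."""
    index = _actors_by_change(events)
    return sorted(c for c, acts in index.items()
                  if "change.deployed" in acts and "change.approved" not in acts)


def run_checks(text):
    """Run all checks over a raw log and return the findings by category."""
    events, bad = parse_log(text)
    return {
        "sod_violations": find_sod_violations(events),
        "unapproved_deployments": find_unapproved_deployments(events),
        "unparseable_lines": bad,
    }


if __name__ == "__main__":
    for name, findings in run_checks(SAMPLE_LOG).items():
        print(f"{name}: {findings}")
```

The control only works if the log is complete and tamper-evident, which is why the parser reports malformed lines instead of skipping them; in practice the detector should read from a write-once log store that the people being monitored cannot edit, and the conflicting-action pairs should be derived from the organisation's own change process rather than the two assumed here.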
-
Tip
02 Dec 2008
PCI DSS 3.1 requirement best practices
Requirement 3.1 of the PCI Data Security Standard requires organizations to keep stored cardholder data to a minimum. In this tip, learn how to determine how much data your organization should store.
By Roger Nebel, Contributor
-
Answer
09 Jul 2008
Is the Orange Book still relevant for assessing security controls?
Is the Orange Book still the be-all and end-all for assessing security controls in the enterprise? Security management expert Mike Rothman explains what happened to the Orange Book, and the Common Criteria for Information Technology Security Evaluation that replaced it.
By Mike Rothman, Securosis
-
Answer
10 Mar 2008
Does SOX require email archiving?
Although SOX may lack specificity regarding certain controls, it does have clear mandates for email retention.
By Mike Rothman, Securosis
-
Tip
16 Jan 2008
PCI compliance after the TJX data breach
The massive TJX data breach reinforced the need for stricter controls when handling credit card information. In this tip, Joel Dubin reexamines the need for the PCI Data Security Standard and advises how to ease the PCI compliance burden.
Quiz
16 Nov 2007
Quiz: PCI DSS compliance -- Two years later
A five-question multiple-choice quiz to test your understanding of the content presented by expert Diana Kelley in this lesson of SearchSecurity.com's Compliance School.
-
Feature
01 Mar 2003
IT security auditing: Best practices for conducting audits
Even if you hate security audits, it's in your best interest to make sure they're done right.
By Carole Fennelly, Contributor