Regulatory compliance is a topic that few organizations can ignore. An ever-increasing number of regulations affect companies both large and small. The regulations and standards come from many sources, such as national and local governments. Examples include the Sarbanes-Oxley Act (SOX) and the California Law on Notice of Security Breach, formerly known as SB-1386. They also come from industry-specific oversight groups, such as the Payment Card Industry Data Security Standards.
What makes this situation even more complex is that any organization might need to comply with multiple sets of regulations, each of which mandates a separate set of requirements. Not surprisingly, many companies find it difficult to understand how to respond appropriately to these regulatory requirements, and then maintain their regulatory compliance through cost-effective processes and procedures. Finally, regulations often mention IT controls only in passing, and leave IT managers to determine exactly what they must do to achieve and maintain regulatory compliance.
The Regulatory Compliance Planning Guide is designed to help IT managers and Microsoft customers meet specific IT compliance obligations that directly relate to major regulations and standards. The guide introduces a framework-based approach that you can use as part of your efforts to comply with these regulations and standards.
The guide provides several benefits for your organization. It shows how you can apply a control framework to both present and future regulations and standards, which helps to make the process of interpreting regulatory requirements easier and more efficient. The guide also presents solutions and suggests software products that can help you implement the IT controls that your organization needs.