Data security standards encompass criteria and guidelines adopted by organizations to safeguard both sensitive and confidential information. By implementing these standards, organizations aim to prevent unauthorized access, disruption, use, modification, disclosure, or destruction of data.

Adherence to data security standards is crucial for safeguarding the information that organizations generate, collect, store, transmit, or receive, protecting it against a spectrum of threats, whether internal or external.

Some of the standards supported by the Sigmify GRC solution are:

ISO/IEC 27001

An international standard for managing information security. The standard was originally published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC) in 2005, revised in 2013, and most recently revised again in 2022.

SOC 2

A voluntary compliance standard for service organizations, developed by the American Institute of CPAs (AICPA), which specifies how organizations should manage customer data. The standard is based on the following Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.

NIST

A voluntary cybersecurity framework to help businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data.

HIPAA

A mandatory U.S. federal law, passed by the Department of Health & Human Services in 1996, aimed at protecting the personal data of patients from public access.
