Security Compliance and policies

A. Organisation Level

1. Service Organisation Control (SOC 1/2, Type I/II)

https://www.netgainit.com/soc-2-type-ii-certification-defined/

2. General Data Protection Regulation (GDPR) Requirements

https://www.csoonline.com/article/3202771/data-protection/general-data-protection-regulation-gdpr-requirements-deadlines-and-facts.html

3. HIPAA (Health Insurance Portability and Accountability Act)

https://searchhealthit.techtarget.com/definition/HIPAA

4. NIST (National Institute of Standards and Technology)

https://digitalguardian.com/blog/what-nist-compliance

5. STAR (Security, Trust & Assurance Registry)

https://cloudsecurityalliance.org/star/#_overview

6. CSA (Cloud Security Alliance)

https://www.cloudsecurityalliance.org/csaguide.pdf

7. PCI (Payment Card Industry)

https://www.pcisecuritystandards.org/

8. SOX (Sarbanes-Oxley Act)

https://www.blackstratus.com/sox-compliance-requirements/

9. ISO 27001 ISMS

http://www.iso27001security.com/html/toolkit.html

B. Software Level

1. OWASP (Open Web Application Security Project)

https://www.hpe.com/us/en/insights/articles/the-owasp-top-10-is-killing-me-and-killing-you-1710.html

2. SWAT (Secure Web Application Tactics)

https://software-security.sans.org/resources/swat

3. BSIMM (Building Security in Maturity Model)

https://www.bsimm.com/content/dam/bsimm/reports/bsimm8.pdf