Partner with Antelope to expedite your compliance journey.
The Purpose of Compliance Services:
No matter where you are in the world, get familiar with the most common cybersecurity compliance standards.
Developed by the American Institute of Certified Public Accountants (AICPA), SOC 2 helps organizations safeguard customer data.
It includes five Trust Services Criteria: security, availability, processing integrity, confidentiality, and privacy.
ISO 27001 is the internationally recognized standard for implementing and managing an Information Security Management System (ISMS). Not to be confused with ISO 27701, ISO 27017, or ISO 27018.
This standard is used to pass an audit, guaranteeing that a business’s security protocols are up-to-date.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal standard specifically for protected health information (PHI).
Regulated by the Office for Civil Rights, HIPAA outlines the permissible use and disclosure of PHI in the USA as set forth by HHS guidelines.
Working in the EU? You need to know about GDPR. With 99 distinct articles, this set of data protection regulations is one of the world’s most comprehensive frameworks.
It’s designed to give people full control over information associated with them by limiting how organizations can use personal data.
The CIS Critical Security Controls (CIS Controls) are a globally implemented set of best practices used to boost an organization’s cybersecurity.
They are continually updated, and they prioritize and simplify the steps needed for a strong cybersecurity defense.
The National Institute of Standards and Technology (NIST) Cybersecurity Framework is a comprehensive — yet flexible — set of standards, guidelines, and best practices.
It is meant to be implemented alongside existing security processes in any industry.
The U.S. Department of Defense’s Cybersecurity Maturity Model Certification (CMMC) was introduced to ensure that all defense contractors use security protocols to protect sensitive defense information.
Companies responsible for handling Controlled Unclassified Information (CUI) or Federal Contract Information (FCI) must meet the CMMC requirements to remain compliant.
The FTC Safeguards Rule ensures that entities covered by the Rule maintain safeguards to protect customer information.
It applies to financial institutions subject to the FTC’s jurisdiction that aren’t subject to the enforcement authority of another regulator under section 505 of the Gramm-Leach-Bliley Act, 15 U.S.C. § 6805.
Geographic location and industry standards that Antelope supports for US-based MSPs.
The California Consumer Privacy Act of 2018 (CCPA) grants Californian consumers more control over the personal information businesses collect from them.
The CCPA provides directions on how organizations can comply with the law. Legal obligations include handling consumer rights requests and providing customers with necessary notices related to their privacy policies.
Criminal Justice Information Services Security Policy (CJIS) is a set of security standards created by the FBI. CJIS provides the structure needed to handle sensitive criminal justice information.
This policy is mandatory for law enforcement agencies, courts, correctional facilities, and any third-party entities that access, store, or transmit this type of data.
FedRAMP® was launched in 2011 to provide a cost-effective and risk-focused model for the federal government’s use of cloud technology.
This program is essential for government operations as it ensures that cloud technologies are implemented securely and efficiently.
The Cybersecurity Assessment Tool helps financial institutions recognize potential risks and determine their cybersecurity preparedness.
Developed by the Federal Financial Institutions Examination Council (FFIEC), it draws on the FFIEC Information Technology Examination Handbook, the NIST Cybersecurity Framework, and industry-established best practices.
Minimum Acceptable Risk Standards (MARS) is designed to ensure the availability, confidentiality, and integrity of protected health information (PHI), personally identifiable information (PII), and federal tax information (FTI).
Developed by the Centers for Medicare and Medicaid Services, the standards are based on the National Institute of Standards and Technology (NIST) Special Publication 800-53.
Similar to CMMC 2.0, NIST Special Publication 800-171 (NIST 800-171) is a federal standard that establishes procedures for defense contractors and subcontractors.
Specifically, it’s for the management of Controlled Unclassified Information (CUI), like personal data, equipment specs, logistical plans and other defense-related information.
NIST created the Privacy Framework as a voluntary framework designed to help organizations protect individuals’ privacy while also creating innovative products and services.
This gives organizations the tools to better identify and manage potential privacy-related risks.
TX-RAMP (Texas Department of Information Resources program) is a data security certification requirement for cloud computing services.
It provides “a standardized approach for security assessment, authorization, and continuous monitoring of cloud computing services that process the data of a state agency.”
Working worldwide? Antelope can get you started on these global compliance standards.
COBIT 2019 (Control Objectives for Information and Related Technologies) is the most recent evolution of ISACA’s globally recognized and utilized COBIT framework.
This comprehensive framework was developed to support understanding, designing, and implementing the management and governance of enterprise IT.
The Cloud Controls Matrix (CCM) and the Cloud Security Alliance Questionnaire (CAIQ) are a comprehensive set of security controls and practices.
Based on the CSA best practices, the CCM provides an industry-standard set of cybersecurity frameworks tailored specifically to cloud computing.
ISO/IEC 27017:2015 offers rigorous guidance on the security of cloud computing. It builds on the ISO/IEC 27002 and ISO/IEC 27001 standards, adding cloud-specific information security controls.
This code of practice gives clear instructions for additional controls based on the cloud services being used.
ISO/IEC 27701 helps organizations standardize how they handle Personally Identifiable Information (PII). By doing this, you’ll be set to comply with other data privacy regulations.
It includes guidelines on how to manage PII, making this a valuable tool for promoting data privacy within organizations.
Part of the larger ISO/IEC 27000 family, ISO/IEC 27018 is a vital first step for cloud service providers in assessing risk and implementing appropriate security measures for PII.
This industry-driven initiative creates a secure foundation for cloud computing services to protect Personally Identifiable Information (PII).
Microsoft Data Protection Regulations (DPR) are annual requirements that Microsoft suppliers enrolled in the SSPA program must abide by.
This is to ensure Personal Data and Confidential Data are properly processed. All Microsoft suppliers need to adhere to these regulations.
The MPA manages security assessments at entertainment vendor facilities on behalf of its member studios.
This set of Content Security Best Practices outlines standard controls to help secure content, production, post-production, marketing, and distribution.
Secure Controls Framework (SCF) provides organizations with a comprehensive approach to cybersecurity and privacy compliance across all operational levels.
This framework offers the guidance needed to implement and maintain internal controls in line with business objectives.
Cyber threats don’t slow down in the snow, so Antelope supports these cybersecurity frameworks.
This multi-faceted, government-led program aims to enhance cybersecurity measures across the country.
Launched by the Canadian Centre for Cyber Security in 2018, the certification is divided into five Organizational Controls and 13 Baseline Controls to address various components of cybersecurity best practices.
Created for small and medium organizations seeking to improve their cybersecurity resiliency, this framework is designed to provide a baseline, not a comprehensive (and complicated) plan. Its goal is to provide 80% of the benefit from 20% of the effort, making it easily accessible to smaller businesses.
In addition to GDPR, these standards provide the basics for enterprises and smaller businesses.
TISAX is an industry-standard method for assessing and exchanging information security for enterprises.
Companies use TISAX to simplify the process of evaluating a supplier’s level of data security and to determine how to handle sensitive customer information.
UK Cyber Essentials is a government-supported program that provides organizations of any size an effective way to guard against common cyber attacks.
With two levels, Cyber Essentials and Cyber Essentials Plus, businesses can proactively protect themselves from security risks.
This framework provides the essential elements of a successful privacy management program. It’s not comprehensive and isn’t a substitute for compliance with other data protection regulations.
Make sure to consider your specific needs, and consult GDPR when necessary.
Antelope supports these industry and government standards for Australia and New Zealand.
The Australian Energy Sector Cyber Security Framework (AESCSF) is the result of a collaborative effort between several government and industry stakeholders.
This framework is designed to ensure the highest level of security in the energy sector.
Australian organizations of all sizes must defend themselves against malicious cyber threats. To assist organizations with defending against cyber threats, the Australian Cyber Security Centre (ACSC) created the Essential Eight.
This is a baseline of key mitigation strategies as defined by ACSC’s Strategies to Mitigate Cyber Security Incidents.
This Prudential Standard is designed to help ensure that APRA-regulated entities have the capability to safeguard themselves against information security incidents (including cyberattacks).
These entities are required to maintain information security that matches the threat posed by digital vulnerabilities.
The Protective Security Policy Framework (PSPF) outlines the Australian Government’s protective security policy. It provides guidance on how to effectively implement the policy in four key areas: personnel, physical, governance, and information security.
With the PSPF, government organizations are able to ensure effective security measures.
The New Zealand Information Security Manual provides essential controls and processes necessary for protecting all New Zealand Government information and systems.
The manual also provides additional controls to help you exceed the minimum acceptable baseline levels.