Information Technology

                                          IT Governance  &  IT Frameworks

                          Compliance, Regulatory, Legislative & Practical Standards

                                          Legal Acts & Standards Organizations

                                                                                                Dated: 12/2007  Revised#4-4/2008

• Basel II - International Banking w/Operations in Europe
                     http://en.wikipedia.org/wiki/Basel_II

• COBIT - Control Objectives for Information and related Technology
                     http://www.isaca.org/

• COPPA - Children's Online Privacy Protection Act of 1998
                     http://www.ftc.gov/ogc/coppa1.htm

• COSO - Committee of Sponsoring Organizations of the Treadway Commission
                     http://www.coso.org/

• eDiscovery - Legal process to seek data evidence in a civil or criminal legal case.
              http://searchsecurity.techtarget.com/sDefinition/0,,sid14_gci1150017,00.html

• FERPA - Federal Education Rights & Privacy Act
              http://www.ed.gov/policy/gen/reg/ferpa/index.html  

• FFIEC - Federal Financial Institutions Examination Council
              http://www.ffiec.gov

• FIPS 140-2 Security Validation - Government Standard

              http://www.itl.nist.gov/fipspubs/  

• FOIA - Freedom of Information Act
                    http://www.state.gov/m/a/ips/

• GAAP - Generally Accepted Accounting Principles
                     http://www.fasab.gov/accepted.html

• GLBA - Gramm-Leach-Bliley Act
                    http://www.ftc.gov/privacy/glbact/glbsub1.htm 

• GPEA - Government Paperwork Elimination Act
                     http://www.archives.gov/federal-register/laws/paperwork-reduction/

• HIPAA - Health Insurance Portability and Accountability Act
                    http://www.hipaa.org/

• ISO 17799 - Information Security Management
                    http://www.iso.org/iso/catalogue_detail?csnumber=33441

• ISO 27000 - Information Security Matters
                    http://www.27000.org/  

• IFRS - International Financial Reporting Standards
                     http://en.wikipedia.org/wiki/International_Financial_Reporting_Standards

• ITGI - Information Technology Governance Institute
                     http://www.itgi.org/

• ITIL - Information Technology Infrastructure Library
                    http://www.itil-officialsite.com/home/home.asp

• NASD - National Association of Securities Dealers
                     http://en.wikipedia.org/wiki/NASD

• NIST - National Institute of Standards & Technology
                     http://www.nist.gov/

• PCI - Payment Card Industry - Data Security Standards
                     http://www.pcicomplianceguide.org/pcicomplianceguide.html

• PIIG - Personal Identifiable Information Guidelines
                     http://en.wikipedia.org/wiki/Personally_identifiable_information

• PIPEDA - Personal Information Protection and Electronic Documents Act (Canada)
                     http://www.privcom.gc.ca/legislation/index_e.asp

• SANS - SysAdmin, Audit, Network, Security
                    http://www.sans.org/

• SAS-70 - Statements of Auditing Standards No. 70
                    http://en.wikipedia.org/wiki/SAS_70

• SB1386 - California Security Breach Information Act
                     http://searchcio.techtarget.com/sDefinition/0,,sid182_gci951441,00.html

• SEC - Securities & Exchange Commission - Sections (17-a3 & -a4)
                     http://www.sec.gov/

• SOX  - Sarbanes-Oxley Act - Financial Reporting & Operations Compliance
             http://www.sarbanes-oxley.com/

• US Patriot Act - Security
                    http://www.lifeandliberty.gov/highlights.htm

• 21 CFR Part 11 - Pharmaceutical Records
                     http://www.fda.gov/ora/compliance_ref/part11/

by MKG, Intellectual Property