Meeting Compliance Requirements While Using Cloud Services
Compliance with government and industry regulations is an essential part of conducting business in several sectors. Many of the requirements revolve around financial, privacy, or security aspects. Most of the requirements stem from federal regulations in the USA, while some are industry requirements that apply globally. Even some of the federal regulations in the USA apply to service providers abroad when they provide services to entities in the USA. In that sense, all of the compliance requirements discussed here apply to a global audience. In this chapter, the authors discuss in detail the scope of the Health Insurance Portability and Accountability Act, the Sarbanes-Oxley Act, the Federal Information Security Management Act, the Gramm-Leach-Bliley Act, the Payment Card Industry Requirements, and the Statement on Auditing Standards 70. These compliance requirements concern protecting the confidentiality and integrity of customer data stored in the cloud. Several of these requirements have significant enforcement powers associated with them, and businesses need to take them seriously and comply. Compliance involves gathering and reporting appropriate information on a regular basis. The authors present details on all these aspects in this chapter.