| Sector | Legislation | Requirements |
| --- | --- | --- |
| Medical / Hospitals | HIPAA Regulations | Regulations covering electronic security and transmission of patient records. A documented, tested disaster recovery plan is required. |
| Financial Services & Banking | FFIEC FIL-67-97 | Board of Directors is responsible for ensuring that a comprehensive business resumption and contingency plan has been implemented, to encompass distributed computing and external service bureaus. |
| | Comptroller of Currency BC-177 (1983, 1987), superseded by FFIEC, and Federal Home Loan Bank Bulletin R-67 (1986), superseded by FFIEC | Requires banking institutions to develop and maintain Business Recovery Plans. |
| | Inter-Agency Policy from Federal Financial Institutions Examination Council (FFIEC - 1989, revised and made stronger 1997) | Requires business-wide resumption planning and extends regulation to require contingency plans from any service bureaus or outsourcing companies which service such banks. |
| Public Companies | SEC Regulations | "Reasonable safeguards for information" - Board of Directors and senior management will be accountable. |
| | Foreign Corrupt Practices Act (1977) | Requires that publicly-held corporations provide "reasonable protection for information systems" and holds management accountable. |
| All Companies | IRS Procedure 86-19 | Legal backup and recovery requirements for computer records containing tax data. |
| eCommerce Transactions | Consumer Credit Protection Act (CCPA) section 2001 Title IX (1992) | Due diligence for availability of data in Electronic Funds Transfers, including Point of Sale. |
| Federal Government | Computer Security Act | Requires security plans for all federal computer systems to assure data integrity, availability, and confidentiality. |
| State Governments | Various State Departments of Administrative Services Policies, e.g., Texas (1 TAC 210.13(b)), Oregon's Dept. of Information Resources (ORS 291.038) | Policies assigning responsibility for contingency planning within state agencies. |