Facing an increasing number of regulations, companies have to respect the law when making use of IT systems.
In corporate management, IT compliance describes adherence to legal, company-internal and contractual regulations across the IT landscape. Compliance requirements in IT mainly cover information security and availability, data retention and data protection. Companies are subject to numerous legal obligations, non-observance of which can lead to high financial penalties and liability. EU regulations, international conventions, company-internal conventions and trading practices add further rules.
The most important national regulations for meeting IT compliance requirements include:
- German Telecommunications Act
- BDSG – Federal Data Protection Act
- GDPdU – Principles of Data Access and the Auditability of Digital Records (Digital Tax Audit)
- Act for Control and Transparency in the Corporate Sector
In addition to these national regulations, European regulations (such as the Basel II framework for assessing creditworthiness) and international rules also take effect. The Sarbanes-Oxley Act (SOX) also applies to European companies that are listed on a US stock exchange. Further examples of such regulations are FINRA (NASD/SEC), HIPAA, IFRS, MiFID and PCI-DSS.
CYBERLEGAL follows a full-service philosophy for companies in all areas of IT compliance.
Our expertise covers:
- Design/implementation of IT compliance concepts
- Audit of IT compliance structures
- Internal and external audits of IT security and data protection
- Audits and advice with respect to applications and automated data processing
- IT-forensic services, especially legal support for IT-forensic operations