Are You Playing By the Rules? An Introductory Guide To Cybersecurity Compliance Laws

Business compliance laws exist to make sure your business adheres to all relevant regulations for its sector. Not abiding by these laws can cause hefty fines, so it’s best to dot all your i’s and cross all your t’s from the start.

A recent push for more standardized cybersecurity has resulted in even more compliance guidelines for businesses, yet many businesses are left high and dry when it comes to knowing what compliance actually looks like.

Here we give you an introductory guide to some of the most common compliance mandates, and who they apply to.


Health Insurance Portability and Accountability Act (HIPAA)

Enacted in 1996, the Health Insurance Portability and Accountability Act protects the privacy and security of patients' health information. HIPAA applies to "covered entities" (healthcare providers, health plans, and healthcare clearinghouses) and to their "business associates," the vendors and contractors that handle protected health information (PHI) on their behalf.

So, if your company creates, receives, stores, or transmits protected health information for a covered entity, you must comply with HIPAA, and you will normally be asked to sign a business associate agreement that spells out your obligations.


Payment Card Industry Data Security Standard (PCI DSS)

The PCI Security Standards Council, an independent body founded by the major card brands (Visa, Mastercard, American Express, Discover, and JCB), maintains the Payment Card Industry Data Security Standard. It exists to create a secure environment for card transactions and to prevent theft and fraud. Every company that stores, processes, or transmits cardholder data, or that could affect the security of that data, must comply with PCI DSS. Strictly speaking, PCI DSS itself is not a law: it is an industry standard enforced through the contracts merchants sign with their acquiring banks and the card brands, which is why non-compliance is penalized with fines and, in the worst case, loss of the ability to accept cards at all.

If you have been accepting card payments and have not checked your compliance with PCI DSS, you could land yourself in some serious hot water.



National Institute of Standards and Technology (NIST)

The National Institute of Standards and Technology publishes several frameworks and standards that can apply to businesses. NIST itself does not write laws; rather, federal law and federal contracts point to its publications. Under the Federal Information Security Modernization Act (FISMA), federal agencies must follow NIST standards, and they do so through the Risk Management Framework (RMF, NIST SP 800-37) and its control catalog (NIST SP 800-53). Contractors that handle federal information are typically required by contract to meet the same or related requirements (for example, NIST SP 800-171 for controlled unclassified information), so you will need to satisfy them to bid for and keep government contracts.

Outside of this, a few other NIST frameworks are more likely to apply to your business, and the most common is the CSF.

Cybersecurity Framework (CSF)

The CSF is the most widely used NIST publication. It describes how organizations of any size, including small businesses, can identify, reduce, and manage cybersecurity risk, and it is voluntary unless a regulator or a customer requires it.

The CSF is organized around five core Functions, which together describe the life cycle of managing cybersecurity risk, from knowing what you have to protect through recovering from an incident:

  1. Identify
  2. Protect
  3. Detect
  4. Respond
  5. Recover

NIST breaks each Function down into Categories and then Subcategories (specific security outcomes), which is what gives the framework its depth. Because the CSF is voluntary and outcome-based, an SMB does not have to implement every Subcategory at once: you build a Profile that selects the outcomes relevant to your business and its risks, and use it to prioritize improvements. Note that version 2.0 of the CSF, published in 2024, adds a sixth Function, Govern, covering cybersecurity strategy, policy, roles, and oversight.


System and Organization Controls (SOC)

System and Organization Controls (SOC) reports come from the American Institute of Certified Public Accountants (AICPA). A SOC report is an independent auditor's attestation that a service organization's controls are suitably designed and operating effectively, so that your customers can trust that the data they hand you is protected.

SOC 2 reports are evaluated against the AICPA's five Trust Services Criteria:

  1. Security: firewalls, intrusion detection, multi-factor authentication (this criterion is mandatory in every SOC 2 report; the others are included as they apply to the service)
  2. Availability: performance monitoring, disaster recovery, incident handling
  3. Confidentiality: encryption, access controls
  4. Processing Integrity: quality assurance, process monitoring
  5. Privacy: notice and consent, limits on collection and use of personal information, secure retention and disposal

SOC reports are not required by law, but customers routinely demand them before signing with a service organization. If your company is a payroll or medical claims processor, a loan servicer, a data center operator, or a SaaS provider, expect to be asked for one: SOC 1 covers controls that affect your customers' financial reporting, and SOC 2 covers the security criteria listed above.

Why Do These Laws Exist?

They are all about protection, whether for consumers, businesses, or the government. With cyberattacks increasing every year and data privacy becoming more important, the need for business compliance is higher than ever.

How To Make Sure You Are Abiding By All the Applicable Business Compliance Laws

The most stressful way to be sure you are adhering to all the business compliance laws is to do it all yourself. Making sure you have ticked all the right boxes in each set of rules can be an enormous task on top of the daily running of your business. That’s without even considering which laws actually apply to your company.

You could hire or train a new staff member to take charge of your business compliance. It’s likely the most effective way but is also very expensive. Yet the most cost-effective, stress-free, and safe way would be to hire an IT consulting company.

Outsourcing this job is a huge timesaver and having professionals just a phone call away to check up on any concerns is incredible. Evans Consulting Services provides a team that can aid commercial and government-involved businesses in compliance requirements, as well as other managed IT services.

Contact us today to find your business’s unique IT solution.

About the Author

I created Evans Consulting Services after running another start-up business with partners. We ran the business like a corporation. Over the years, I have learned that entrepreneurship was a unique challenge. I learned that each member of a small organization is extremely important and must carry their own weight, earn their compensation and produce results. The negative impact of sub-par performance is devastating and cannot be sustained by an emerging business.

I’ve been in business as an entrepreneur for 22 years. Through ECS, we have continually demonstrated the ability to successfully partner with a variety of entities. ECS is a team player. For example, ECS entered a joint venture with Albert Kahn Associates, a 100+-year-old architectural firm, on a million-dollar project to design and install the cabling infrastructure for Motor City Casino Hotel. We also have maintained a managed contract customer relationship with KIRCO Management Services LLC, a multi-million-dollar development, property management, and construction company that has grown nationally over the last 19 years. KIRCO has been our flagship, cornerstone customer since 2001. In the future, our relationship will continue to strengthen as both companies grow.

Tony Evans

President and Founder
