Security Knowledge Base

Compliance management is a continuous process ensuring organizations adhere to laws, standards, and internal policies. It's more than avoiding fines—it builds trust, strengthens security, and offers strategic advantage. A Compliance Management System (CMS) integrates tools, controls, and training to automate compliance. Key elements: board oversight, compliance officers, risk assessment, monitoring, audit.

The GDPR is the EU regulation on protection of personal data. This guide summarizes its principles, data subject rights, and main obligations (records of processing, breach notification, DPIA, retention, processors). 

PCI DSS defines 12 requirements in 6 goals for protecting cardholder data. SecBoard supports compliance via Framework Compliance (controls and evidence), PCI DSS Standard (app_std) for requirement text, and Asset, KeyCert, Document Register, Cabinet, SOC, Incident Register, Risk, Gophish, and Study for scope, crypto, policies, access, logging, and awareness. This guide explains the goals and requirements and how each module helps meet and demonstrate them.

The NIST Cybersecurity Framework provides a policy framework of computer security guidance. Learn about its five core functions.

ISO 27001 is the international standard for information security management. Understand its requirements and benefits.