HIPAA, short for the Health Insurance Portability and Accountability Act, was passed by the United States Congress in 1996 and is legislation that covers the protection of health information. It provides national standards for healthcare information and transactions, and aims to minimize healthcare fraud. For more information, check this page.
ISO/IEC 27001 is the most popular standard in the 27000 family, which deals with the security of information assets. This standard provides requirements for an ISMS, short for information security management system, based on a risk management process. For more information, check this page.
PCI DSS, which stands for Payment Card Industry Data Security Standard, helps establish a worldwide security standard for companies that accept or work with the major credit card providers. It sets out a list of policies, standard implementations and technologies. For more information, check this page.
SOC-1, the Service Organization Controls report, previously known as SSAE, the Statement on Standards for Attestation Engagements, is a report that sets the standards for an audit of a user entity's financial statements. In short, it states what a user entity needs to demonstrate, in financial terms (a financial transaction per se), with respect to a service control. For more information, check this page.
Like SOC-1, SOC-2 focuses on information reports and statements. It is based on the Trust Service Principles, and it is concerned with the data security behind transactions and the privacy of the user entity performing the transaction. This report concerns SaaS companies, which handle customers' information. For more information, check this page.
The SOC-3 report covers the same things as SOC-2. The main difference is that it is intended for a wider audience and can be distributed freely. It is also based on the Trust Service Principles, which are security, availability, processing integrity, confidentiality and privacy. For more information, check this page.