Security & IT Compliance

Security standards, IT regulations, risk and control libraries, and best practices

Standards, regulations, and controls to quickly set up your IT security compliance and governance programs

Galvanize's Security and IT Compliance toolkits increase assurance over IT general controls, data privacy, and cybersecurity: the integrated content maps IT regulations and standards against common control frameworks so you can monitor your compliance programs.

Included in the content for Security & IT Compliance

Browse by toolkit

A toolkit is a curated set of tools aimed at addressing one area of risk or compliance.

For example, a toolkit might include a set of data analytics, a risk control framework, and a best practices program.

IT Risk and Compliance

Regulations, standards, and risk and control matrices for general IT governance, including:

  • AICPA Trust Security Criteria 2016 - SSAE 16/18 SOC 2
  • AICPA Trust Security Criteria 2017 - SSAE 16/18 SOC 2
  • Center for Internet Security (CIS) Controls Version 7.0
  • Center for Internet Security (CIS) Controls Version 7.1
  • COBIT 2019 risk and control library
  • CSA Cloud Controls Matrix (Version 3.0.1) 2016
  • Payment Card Industry (PCI) Data Security Standard - Version 3.2
  • Payment Card Industry (PCI) Data Security Standard - Version 3.2.1
  • NIST Cybersecurity (Version 1.0) 2014
  • NIST Cybersecurity (Version 1.1) 2018
  • NIST SP 800-53 FedRAMP High Baseline Controls Framework
  • NIST SP 800-53 FedRAMP Low Baseline Control Framework
  • NIST SP 800-53 FedRAMP Moderate Baseline Controls Framework
  • NIST SP 800-53 Privacy Controls (Revision 4)
  • NIST SP 800-53 Program Management Controls (Revision 4)
  • NIST SP 800-53 Security Controls (Revision 4) / FedRAMP 2016.01

Data Privacy Compliance

Emerging data privacy regulations and standards, including:

  • EU General Data Protection Regulation (GDPR) 2016
  • ISACA Data Protection Impact Assessment 2017
  • ISACA Privacy Principles 2016
  • The California Consumer Privacy Act of 2018

Want to learn more about Galvanize's compliance with GDPR? Click here.

ISO 2700X Toolkit

Regulations, standards, and risk and control matrices for general IT governance, including:

  • ISO 27001:2013 (US, Canada, & UK Only)
  • ISO 27002:2013 (US, Canada, & UK Only)

Banking IT Risk and Compliance

Regulations, standards, and risk and control matrices for Bank IT governance, including:

  • FDIC Information Technology Risk Examination (InTREx)
  • FFIEC IT Handbook - Audit 2012
  • FFIEC IT Handbook - Business Continuity Planning 2015
  • FFIEC IT Handbook - E-Banking 2003
  • FFIEC IT Handbook - Information Security 2016
  • FFIEC IT Handbook - Management 2015
  • FFIEC IT Handbook - Operations 2004
  • FFIEC IT Handbook - Outsourcing Technology Services 2004
  • FFIEC IT Handbook - Supervision of Technology Service Providers 2012
  • FFIEC IT Handbook - Wholesale Payment Systems 2004
  • NY Cybersecurity Requirements (23 NYCRR 500)
  • Privacy of Consumer Financial Information (12 CFR 1016)
  • GLBA Privacy Examination Procedures (CFPB 2016)
  • Gramm-Leach-Bliley Act (CFPB Regulation P)
  • FDIC FIL-50-2001 BTB Effective Practices for Selecting a Service Provider
  • FDIC FIL-50-2001 BTB Techniques for Managing Multiple Service Providers
  • FDIC FIL-50-2001 BTB Tools to Manage Technology Providers' Performance Risk: Service Level Agreement

Federal Government IT Compliance

Regulations, standards, and risk and control matrices for Federal Government IT governance, including:

  • FISCAM Business Process Application Controls 2009
  • FISCAM General IT Controls 2009
  • NIST Cybersecurity (Version 1.0) 2014
  • NIST Cybersecurity (Version 1.1) 2018
  • NIST SP 800-53 FedRAMP High Baseline Controls Framework
  • NIST SP 800-53 FedRAMP Low Baseline Control Framework
  • NIST SP 800-53 FedRAMP Moderate Baseline Controls Framework
  • NIST SP 800-53 Privacy Controls (Revision 4)
  • NIST SP 800-53 Program Management Controls (Revision 4)
  • NIST SP 800-53 Security Controls (Revision 4) / FedRAMP 2016.01

State and Local Government IT Compliance

Regulations, standards, and risk and control matrices for State and Local Government IT governance, including:

  • FISCAM Business Process Application Controls 2009
  • FISCAM General IT Controls 2009
  • NIST Cybersecurity (Version 1.0) 2014
  • NIST Cybersecurity (Version 1.1) 2018

Healthcare IT Compliance

Regulatory and control guidance for the protection of sensitive health information, including:

  • HIPAA Omnibus Final Rule 2013
  • NIST SP 800-66 Implementing HIPAA Security Rule Revision 1
