Compliance needs and the identification of compliance requirements
The previous section touched on compliance; now it is time to put those points into action. The question to answer is how the organization achieves compliance with regulations and standards in various sectors.
Standards are identified as international regulations that require compliance. If an organization does not comply with these standards, it cannot engage in international commerce or work in a country other than the one in which it is based. Within the country in which the company is based, that country's regulatory authorities are the ones that should audit the company and verify that it complies with their regulations.
As mentioned in other chapters of this book, NIST is one of these standards, which has many parts that the organization should consider complying with. NIST is primarily concerned with information security, security in the general sense, and cybersecurity...