IT compliance image

Understanding IT Compliance: 6 Laws Every Business Should Know

As a managed service provider, part of our role is to help small businesses determine where they need to adjust their procedures to remain compliant and to help implement those processes. If IT compliance is not on your radar, it needs to be. If you are non-compliant, even a minor cyber security attack could lead to devastating repercussions for your business. 

If your business accepts credit cards, you are impacted by the need for IT compliance. But there are many more regulations to watch out for, including some that are specific to your industry. The industries with the most strict regulations include:

  • Health insurance and care providers
  • Banking and finance
  • Manufacturing
  • Retail and ecommerce
  • Utilities and municipalities
  • Government contractors
  • Credit card issuers (across any industry)

Here are the top six compliance issues businesses face:

HIPAA Compliance

Ever since the law was signed in 1996, the Health Insurance Portability and Accountability Act, known commonly as HIPAA, protects the privacy of medical records of all individuals. It’s a fairly strict law meant to keep people or companies from obtaining sensitive and personal information on an individual. It applies to insurers, medical providers and any employers who provide healthcare insurance.

PCI-DSS Compliance

Every time you use a credit, debit or other type of payment card, the Payment Card Industry Security Standards Council (PCI-DSS) protects your payment information to help reduce fraud during the processing transaction. So basically these standards apply to every industry or business that accepts credit card payments.

GDPR Compliance

Similar to PCI-DSS, the General Data Protection Regulation (GDPR) regulates how companies manage personal customer data of European citizens. It ensures that businesses can only access data after an individual gives permission and requires companies to assess their privacy compliance programs.

FISMA Compliance

Every federal agency has the right to view IT security as a natural security matter. The Federal Information Security Management Act of 2002 (FISMA) gave federal agencies that responsibility.  So again, this regulation applies to your company.

Sarbanes-Oxley Compliance

If you are a U.S. public company, management firm or accounting firm, the Sarbanes-Oxley Act pertains to you. It was initiated by Congress in response to the high-profile Enron and WorldCom scandal, one of the most notable examples of corporate fraud in history.  It exposes conflicts of interest, encourages transparency, and most importantly, makes companies responsible for financial disclosures.


Financial institutions and companies that sell finance products and services to consumers are bound to the Gramm-Leach-Bliley Act (GLBA). It requires financial institutions to disclose what consumer information they share and why. Again, most importantly, it allows consumers to opt out of sharing their personal data with third parties.

IT compliance is critical to your business’s overall reputation. Protect it by partnering with an IT provider that understands the issues your industry faces and how to best ensure that your processes and teams are compliant. Contact us or book a quick consult to learn more.

Posted in

Are you aware of the most common cyberattack methods?

Did you know there are over 3.4 billion phishing emails sent every day? Phishing and other cybercriminal behavior are a lot more common than you’d think.

Our free “Phishing, Smishing, Vishing, Pharming? A Cyberattacks Guide” will inform you about cyberattack methods and give you the latest in data security tips. 

Phishing Smishing Vishing Pharming Download Promo

Download Now


Brian Rodgers

Before Brian founded Aeko in 2016, he oversaw large teams as an IT executive within the oil and gas industry, leading the technology infrastructure that helped that company grow to an S&P 500 company. He is passionate about bringing those same strategies to small and midsize businesses, enabling them to scale their services and adapt more quickly to market changes.