Who is subject to which Standards, Certifications and Regulations? 
American Data Privacy and Protection Act (ADPPA): all organizations that treat consumer data; this applies to most entities, including nonprofits and common carriers
Criminal Justice Information Services (CJIS): all personnel who have unescorted access to unencrypted CJI, including those individuals with only physical or logical access to devices that store, process, or transmit unencrypted CJI
Federal Information Security Management Act (FISMA): US federal agencies that provide services or receive grant money
General Data Protection Regulation (GDPR): all organizations that target or collect personal data related to European Union residents
Health Insurance Portability and Accountability Act (HIPAA): all organizations that receive payment for their services and transmit personal or health information for the purposes of treatment, operations, billing, or insurance coverage
Information Security Management System (ISMS) (ISO 27001): all organizations that store or manage data, IT-based, health, government, and public companies
Payment Card Industry Data Security Standard (PCI DSS): all organizations that accept, process, store, or transmit credit card information must comply with these standards in order to prevent credit card fraud and protect sensitive information.
Service Organization Control 2 (SOC2): all technology service providers or SaaS companies that store or handle client data
The Gramm-Leach-Bliley Act (GLBA): all businesses that are significantly engaged in providing financial products or services
All require that an IT/IS Risk Assessment be performed annually
All require that a Vulnerability Assessment be performed annually
All require that PenTests be performed annually
NOTE 2: 
Gailey Solutions performs all of these services and many more
Gailey Solutions performs many of the remediation services required to meet the requirements
Call with Questions.
Peter Gailey