Sarbanes-Oxley Act (SOX): Federal legislation that sets requirements for all U.S. public company boards, management, and public accounting firms. Focused on corporate governance, internal controls, and financial disclosure.
Dodd-Frank Wall Street Reform: Comprehensive federal law that regulates financial markets and institutions, including risk management requirements for financial institutions.
Federal Information Security Management Act (FISMA): Defines framework for protecting government information, operations and assets against natural or man-made threats.
HIPAA: Federal law that protects sensitive patient health information from being disclosed without patient's consent, includes risk management requirements for healthcare organizations.
Gramm-Leach-Bliley Act (GLBA): Federal law requiring financial institutions to explain their information-sharing practices and protect sensitive data, including risk management provisions.
SEC Regulations: Regulatory requirements for public companies including risk disclosure and management requirements set by the Securities and Exchange Commission.
OSHA Regulations: Federal workplace safety and health regulations that require risk assessment and management in workplace environments.
State Data Protection Laws: Various state-specific laws governing data protection, privacy, and security requirements, including risk management obligations.
ISO 31000: International standard providing principles and guidelines for effective risk management practices across organizations.
COSO Enterprise Risk Management Framework: Widely-recognized framework for enterprise risk management, providing comprehensive guidance for organizations.
California Consumer Privacy Act (CCPA): State law providing California residents with rights regarding their personal information and imposing risk management obligations on businesses.
NIST Cybersecurity Framework: Voluntary framework of computer security guidance for organizations to better manage and reduce cybersecurity risk.
