Sarbanes-Oxley Act (SOX): Federal law that establishes requirements for financial risk management and corporate governance. Essential for financial reporting and internal controls considerations in risk assessment.
Federal Information Security Management Act (FISMA): Defines framework for protecting government information, operations and assets against natural or human threats. Critical for federal information security risk management.
Health Insurance Portability and Accountability Act (HIPAA): Establishes national standards for electronic healthcare transactions and data privacy. Must be considered when assessing healthcare-related risks.
Gramm-Leach-Bliley Act (GLBA): Requires financial institutions to explain their information-sharing practices and protect sensitive data. Essential for financial services risk assessment.
Occupational Safety and Health Act (OSHA): Sets and enforces protective workplace safety and health standards. Crucial for workplace safety risk assessment and remediation.
PCI DSS: Payment Card Industry Data Security Standard that sets requirements for organizations handling credit card data. Vital for payment processing risk assessment.
FERPA: Family Educational Rights and Privacy Act that protects privacy of student education records. Essential for educational institutions' risk assessment.
FedRAMP: Federal Risk and Authorization Management Program that provides standardized security assessment for cloud services. Critical for federal cloud computing risk assessment.
State Data Breach Laws: Various state-specific requirements for handling and reporting data breaches. Must be considered based on operational jurisdiction.
NIST SP 800-30: National Institute of Standards and Technology guide for conducting risk assessments. Provides fundamental framework for risk assessment methodology.
ISO 31000: International standard providing principles and guidelines for risk management. Offers globally recognized framework for risk assessment.
COSO ERM Framework: Committee of Sponsoring Organizations' Enterprise Risk Management Framework. Provides integrated approach to enterprise risk management.
EPA Guidelines: Environmental Protection Agency regulations for environmental risk assessment and management. Critical for environmental impact considerations.
Clean Air Act: Federal law regulating air emissions and air quality standards. Must be considered in environmental risk assessment.
Clean Water Act: Federal law governing water pollution and quality standards. Essential for water-related environmental risk assessment.
