Description should include, but not be limited to, the following:
- Which standards and regulations apply to an organization is determined by the type of data its systems store.
- Standards―a set of best practices created to guide an organization’s policies, procedures, and practices, rather than mandatory rules that must be followed. For example, the Payment Card Industry Data Security Standard (PCI DSS) is an information security standard for organizations that accept payment cards.
- Regulations―requirements set by a government agency that must be followed. For example, in the healthcare industry, any system or user with access to personal health information must follow the regulations set forth in the Health Insurance Portability and Accountability Act (HIPAA).