Sarbanes-Oxley Act (SOX): Federal legislation that mandates specific standards for all U.S. public company boards, management, and public accounting firms, including requirements for business continuity and disaster recovery.
Federal Information Security Management Act (FISMA): Federal law that requires federal agencies to develop and implement information security and protection programs, including continuity planning.
Disaster Recovery Reform Act of 2018: Legislation that addresses FEMA's disaster recovery program and includes provisions for business continuity and disaster preparedness.
NIST Special Publication 800-34: Federal contingency planning guide that provides instructions, recommendations, and considerations for government IT contingency planning.
Dodd-Frank Act: Financial services regulation that includes requirements for systemically important financial institutions to maintain robust business continuity plans.
FFIEC Business Continuity Planning: Specific requirements for financial institutions regarding business continuity planning and risk management.
SEC Regulation S-P: Securities and Exchange Commission regulation requiring financial institutions to protect customer information, including during business disruptions.
HIPAA Security Rule: Healthcare regulation requiring covered entities to implement policies and procedures for responding to emergencies that damage systems containing electronic protected health information.
HITECH Act: Legislation that strengthens HIPAA requirements for business continuity and data protection in the healthcare sector.
State Data Breach Laws: Various state-specific requirements for handling and reporting data breaches, which must be incorporated into business continuity planning.
ISO 22301: International standard for Business Continuity Management Systems (BCMS) providing a framework for building organizational resilience.
NFPA 1600: Standard on Continuity, Emergency, and Crisis Management providing criteria for disaster management, emergency management, and business continuity programs.
Privacy Shield Framework: Framework for transatlantic exchanges of personal data between the EU and US, requiring adequate business continuity measures.
GDPR Considerations: EU regulation with implications for U.S. companies handling EU resident data, including requirements for maintaining service continuity and data protection.
OSHA Regulations: Workplace safety regulations that must be considered in business continuity planning, particularly regarding emergency response and worker safety.
Americans with Disabilities Act (ADA): Civil rights law requiring consideration of employees with disabilities in business continuity and emergency planning.
Fair Labor Standards Act (FLSA): Federal law governing wages and working hours that must be considered when planning for business continuity and emergency situations.
