ABSTRACT

To understand the interrelationship of regulations, policies, standards, procedures, and guidelines, we must first know what each of these terms means. It is a misconception to think that these terms are all the same and interchangeable; they are not. Regulations, for instance, are laws and requirements placed on an organization by government regulators. Regulations are mandated: they must be followed or implemented, or there can be severe consequences for the company or the executives in charge. These consequences can come in the form of penalties, fines, loss of revenue, or even jail time. The Sarbanes-Oxley Act (SOX), Gramm-Leach-Bliley Act (GLBA), and Health Insurance Portability and Accountability Act (HIPAA) are examples of regulations that are discussed in further detail in Section 2.2.