Information Security Compliance
With the dawn of the so-called information age, information security and information security compliance have gained much significance. Information security compliance has gone through numerous phases, and self-regulation was the first of them. This phase relied on carefully crafted and designed information security policies within organizations. It developed into a more sector-based approach, which was also replaced later on. In this case, many laws regarding information security compliance came into being in sectors like health and finance. The Family Educational Rights and Privacy Act and the Health Insurance Portability and Accountability Act are two such laws that were added in order to enhance information security compliance.
Information security compliance is expensive and tough, and firms need to hire many professionals for the task. However, noncompliance might be even more costly: firms that have no proper information security compliance risk fines, lawsuits and probes. The embarrassment caused by such bad publicity is likely to leave a permanent black mark on the firm concerned, which could easily lead to loss of business in the long run. Especially in the IT sphere, information security compliance has become a major headache, and not adhering to the correct criteria could even lead to criminal prosecution. Even institutions such as universities are bothered by this issue. So having the right plan for information security compliance is essential. It should be able to meet regulations without being strangled by them.
The most important thing where information security compliance is concerned is being organized. Some firms use more than one section for information security compliance, which is not very advisable. Next, the honesty, integrity and commitment of the staff who handle sensitive information are vital for maintaining information security compliance. Recall the cases where things like the health conditions of famous people were leaked by staff members looking for quick money. So there is more to the arena of information security than passwords and software.
Centralizing information security compliance standards as much as possible might make the task much easier, but it might not be advisable in each and every situation. Thus it is better to engage professionals with good expertise on the subject, especially with good knowledge of the legal implications involved, for information security compliance. Remember that getting a few tips online and reading a few books on the subject is hardly going to make you a professional.