Compliance
Our commitment to regulatory standards and data protection
GDPR Compliance
The Institute for Critical Infrastructure Cybersecurity (ICIC) is committed to complying with the General Data Protection Regulation (GDPR). We have implemented comprehensive data protection measures to ensure the privacy and security of personal data processed by our organization.
- Data Protection Impact Assessments (DPIA) conducted for high-risk processing
- Data Processing Agreements in place with all third-party service providers
- User rights implementation including access, correction, and deletion requests
- Data breach notification procedures compliant with GDPR Article 33
- Privacy by Design principles integrated into all systems and processes
Data Protection Standards
We maintain strict data protection standards across all operations:
- Encryption of data in transit and at rest using industry-standard protocols
- Regular security audits and penetration testing
- Access controls and role-based permissions for all personnel
- Secure data disposal procedures
- Incident response and business continuity plans
CCPA Compliance
For California residents, we comply with the California Consumer Privacy Act (CCPA) and provide:
- Clear disclosure of data collection practices
- Right to know what personal information is collected
- Right to delete personal information
- Right to opt-out of sale of personal information
- Non-discrimination for exercising CCPA rights
Industry Standards
ICIC adheres to recognized cybersecurity and data protection frameworks:
- NIST Cybersecurity Framework
- ISO/IEC 27001 Information Security Management
- CIS Controls for Cybersecurity
- OWASP Top 10 for Web Application Security
- Industry best practices for threat intelligence sharing
Third-Party Compliance
All third-party service providers and partners are required to:
- Maintain equivalent data protection standards
- Execute Data Processing Agreements
- Undergo security assessments and audits
- Comply with applicable regulations and standards
- Provide regular compliance certifications
Compliance Inquiries
For questions regarding our compliance practices, data protection measures, or to report a compliance concern, please contact our compliance officer:
Email: [email protected]
Regular Updates
This Compliance page is regularly updated to reflect changes in regulations, standards, and our internal practices. We encourage you to review this page periodically for the latest information about our compliance commitments.
Last Updated: January 2025