# Compliance
## Common Frameworks
### GDPR (General Data Protection Regulation)

EU data protection regulation.

Key Requirements:
- Lawful basis for processing
- Data minimization
- Right to erasure
- Data portability
- Breach notification (within 72 hours)
- Privacy by design
### HIPAA (Health Insurance Portability and Accountability Act)

US healthcare data protection.

Key Requirements:
- Access controls
- Audit controls
- Integrity controls
- Transmission security
- Business Associate Agreements
### PCI-DSS (Payment Card Industry Data Security Standard)

Payment card data protection.

Key Requirements:
- Network segmentation
- Encryption of cardholder data
- Access restrictions
- Regular testing
- Security policies
### SOC 2 (Service Organization Control 2)

Trust service criteria.

Principles:
- Security
- Availability
- Processing Integrity
- Confidentiality
- Privacy
## Common Controls
### Access Control

```markdown
- [ ] Unique user IDs
- [ ] Strong authentication
- [ ] Role-based access
- [ ] Regular access reviews
- [ ] Termination procedures
```

### Data Protection
```markdown
- [ ] Encryption at rest
- [ ] Encryption in transit
- [ ] Key management
- [ ] Data classification
- [ ] Retention policies
```

### Audit & Monitoring
```markdown
- [ ] Audit logging enabled
- [ ] Log retention (at least 1 year)
- [ ] Regular log review
- [ ] Alerting on anomalies
- [ ] Incident response plan
```

### Documentation
```markdown
- [ ] Security policies
- [ ] Procedures documented
- [ ] Evidence collection
- [ ] Regular reviews
- [ ] Training records
```

## Compliance Checklist
| Control | GDPR | HIPAA | PCI | SOC2 |
|---|---|---|---|---|
| Encryption | Yes | Yes | Yes | Yes |
| Access Control | Yes | Yes | Yes | Yes |
| Audit Logging | Yes | Yes | Yes | Yes |
| Breach Notification | Yes | Yes | Yes | Yes |
| Risk Assessment | Yes | Yes | Yes | Yes |