ESG Report eBook: a Robust Study on Keeping Your Business Secure. HERE

Accelerate
Revenue Growth

Empower your business with Coro’s unmatched cybersecurity solutions and partner resources designed to maximize your revenue potential and drive exponential growth across global markets.
Partner With Us
Watch a Demo
Start a Trial 
Compliance Survey
Become a Partner
Contact Sales
Get Support

Watch a Demo

Explore our collection of recorded product demonstrations to witness Coro in action.

Hidden
Name
Hidden
Hidden
Hidden
Hidden
This field is for validation purposes and should be left unchanged.
See how much time you could save with Coro guarding your business:
Instantly handle 95%+ of email threats
Monitor cloud app security from a single dashboard
Protect devices across the threat landscape
Prevent data loss with a deceivingly simple solution

Start a Free Trial

Try Coro for Free for the Next 30 Days

Hidden
Name
Hidden
Hidden
Hidden
Hidden
This field is for validation purposes and should be left unchanged.
Coro Platform

Build Your Compliance Report

Does your business satisfy security regulations? Take the survey to learn how your industry, services, and location can impact your compliance posture.
Take the Compliance Survey

Become a partner today

Turn your cybersecurity business into a revenue center

Hidden
Name
Hidden
Hidden
Hidden
Hidden
This field is for validation purposes and should be left unchanged.
Modules

Contact Sales

Receive comprehensive information about our product, pricing, and technical details straight from our specialists.

Hidden
Name
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
Hidden
This field is for validation purposes and should be left unchanged.
Modules

Compliance

Satisfying Compliance Regulations

Due to global connectivity and the use of cloud services, to store sensitive data and personal information, both inherent and residual risks are increasing. With the rise of cybercrimes and data breaches, organizations must be protected from all types of theft and damage and defend themselves from data breach campaigns. Sophisticated cybercriminals combined with the widespread poor configuration of cloud services mean the organization is increasingly vulnerable to cyberattacks and data breaches.

The Coro platform helps businesses protect their data and stay compliant with many of today's privacy and security regulations. We've put together some information to help you understand the regulations relevant to your business, and how Coro helps exactly.

The following provides a high-level overview of each of the regulations, and a link to additional information.

Compliance Survey
Regulation
Brief Overview
Regulated Party
Enforcement Body
Governs how companies across different industries treat consumer data
All organizations that treat consumer data. It applies to most entities, including nonprofits and common carriers
The Federal Trade Commission
Gives consumers more control over the personal information that businesses collect about them
All organizations processing information on California residents or doing business in California
The Office of the Attorney General (OAG)
Keeps networks aligned when it comes to data security and encryption and ensures that sensitive criminal justice intel is locked down with the continuity of information protection
All personnel who have unescorted access to unencrypted CJI including those individuals with only physical or logical access to devices that store, process, or transmit unencrypted CJI
The Criminal Justice Information Services Division
Protects the privacy and personal information of children under the age of 13 who use online services.
All websites, online services, and mobile apps
The Federal Trade Commission
Protects consumers in their online activities and gives people more control over their personally identifiable information, including making inquiries and requests to data controllers
All organizations processing information on Colorado residents or doing business in Colorado
The Office of the Attorney General (OAG)
Regulates how businesses collect and use data about consumers in California
All organizations processing information on California residents or doing business in California
The Office of the Attorney General (OAG) or the California Privacy Protection Agency
Obligates data controllers to fulfill certain basic data protection principles, such as data minimization and the purpose limitation
All legal entities conducting business in Connecticut or delivering products or services targeted to Connecticut residents
The Office of the Attorney General (OAG)
Protects the privacy of student's educational records
All educational institutions that receive funding from the U.S. Department of Education
U.S. Department of Education. Specifically, the Family Policy Compliance Office (FPCO)
Aims to reduce the potential risk of unauthorized data use, to develop, document, and implement an information security and protection program disclosure, or loss, no matter where along the chain it might originate
US federal agencies that provide services or receive grant money
The Department of Homeland Security
Governs businesses to protect those business's systems from any potential attacks, and to protect their consumers' data, with stricter rules surrounding the handling of personal data
All organizations which target or collect personal data related to European Union residents
The European Commission, works with each EU Member State, and designates an independent public authority
Governs companies that qualify as “financial institutions” to take several affirmative steps in order to prevent the unauthorized collection, use, and disclosure of NPI (Nonpublic Personal information)
All businesses that are significantly engaged in providing financial products or services
The Federal trade commission (FTC)
A series of regulatory standards that outline the lawful use and disclosure of protected health information (PHI)
All organizations that: receive payment for their services and transmit personal or health information for the purposes of treatment, operations, billing, or insurance coverage
The Department of Health and Human Services (HHS), Office for Civil Rights (OCR), the Centers for Medicare and Medicaid Services (CMS), the Federal Drug Administration (FDA), and the Federal Communications Commission (FCC)
Helps organizations protect their information in a systematic and cost-effective manner in terms of confidentiality, integrity, and availability
All organizations that store or manage data, IT-based, Health, Government, and public companies
The majority of global companies require their partners and vendors to meet these standards
Requires that every person that owns or licenses personal information about a resident of the Commonwealth must develop, implement, and maintain a comprehensive information security program
All organizations processing information on Utah residents or doing business in Massachusetts
The office of the Attorney General (OAG)
Applies to processing the information on residents or doing business in Maryland or establishing a Workgroup on Online Consumer Personal Information Privacy
All organizations processing information on residents or doing business in Maryland
The office of the Attorney General (OAG)
Ensures the safeguarding of sensitive customer data and to promote the integrity of the information technology systems of regulated entities to assess their cybersecurity risks and develop plans to address them proactively
All insurance companies, banks, and other regulated financial services institutions — including agencies and branches of non-US banks licensed in New York
The New York State regulators at the Department of Financial Services
Sets forth provisions for companies to manage personal data responsibly and lawfully. Like Europe’s GDPR, the NYPA includes lawful processing, consent, and individual rights to name a few
All organizations processing information on residents or those doing business in New York
The office of the Attorney General (OAG)
Protects credit, debit, and cash card transactions and prevent the misuse of cardholders' personal information
Any business that accepts card payments, including seasonal or small businesses
Visa, Mastercard, AmEx, JCB, and Discover
Helps companies determine whether their business partners and vendors can securely manage data and protect the interests and privacy of their clients
All technology service providers or SaaS companies that store or handle client data
The majority of global companies require their partners and vendors to meet these standards
Lays out a set of requirements for annual audits to assess and protect shareholders in financial & IT public companies by securing their access controlling data management and preventing breaches and fraud. SOX describes a course of action to take in order to show evidence of accurate, secured financial reporting and it provides companies with a way of improving their data security whilst simultaneously helping to restore public confidence, reducing chances of falling victim to a data breach
All publicly traded companies in the USA, as well as any wholly-owned subsidiaries and foreign companies that are both publicly traded and do business with the USA. Any accounting firms that are auditing companies bound by SOX compliance are also, by proxy, obliged to comply
The Securities and Exchange Commission (SEC)
Gives consumers substantial control over their personal data, and emphasizes the privacy of children, in particular, providing tools to protect their privacy and control the usage of their personal data
All businesses that process personal data and data rights for Utah citizens
The office of the Attorney General (OAG)
Enforces the consumer's right to opt-out of having personal data collected, processed, and sold, requiring companies and organizations to obtain prior consent from end-users if they collect or process sensitive personal data.
All websites, companies, and organizations that do business in Virginia, or that produce products or services targeted to residents of Virginia
The office of the Attorney General (OAG)
Regulation
ADPPA
Brief Overview
Governs how companies across different industries treat consumer data
Regulated Party
All organizations that treat consumer data. It applies to most entities, including nonprofits and common carriers
Enforcement Body
The Federal Trade Commission
Regulation
CCPA
Brief Overview
Gives consumers more control over the personal information that businesses collect about them
Regulated Party
All organizations processing information on California residents or doing business in California
Enforcement Body
The Office of the Attorney General (OAG)
Regulation
CJIS
Brief Overview
Keeps networks aligned when it comes to data security and encryption and ensures that sensitive criminal justice intel is locked down with the continuity of information protection
Regulated Party
All personnel who have unescorted access to unencrypted CJI including those individuals with only physical or logical access to devices that store, process, or transmit unencrypted CJI
Enforcement Body
The Criminal Justice Information Services Division
Regulation
COPPA
Brief Overview
Protects the privacy and personal information of children under the age of 13 who use online services.
Regulated Party
All websites, online services, and mobile apps
Enforcement Body
The Federal Trade Commission
Regulation
CPA
Brief Overview
Protects consumers in their online activities and gives people more control over their personally identifiable information, including making inquiries and requests to data controllers
Regulated Party
All organizations processing information on Colorado residents or doing business in Colorado
Enforcement Body
The Office of the Attorney General (OAG)
Regulation
CPRA
Brief Overview
Regulates how businesses collect and use data about consumers in California
Regulated Party
All organizations processing information on California residents or doing business in California
Enforcement Body
The Office of the Attorney General (OAG) or the California Privacy Protection Agency
Regulation
CTDPA
Brief Overview
Obligates data controllers to fulfill certain basic data protection principles, such as data minimization and the purpose limitation
Regulated Party
All legal entities conducting business in Connecticut or delivering products or services targeted to Connecticut residents
Enforcement Body
The Office of the Attorney General (OAG)
Regulation
FERPA
Brief Overview
Protects the privacy of student's educational records
Regulated Party
All educational institutions that receive funding from the U.S. Department of Education
Enforcement Body
U.S. Department of Education. Specifically, the Family Policy Compliance Office (FPCO)
Regulation
FISMA
Brief Overview
Aims to reduce the potential risk of unauthorized data use, to develop, document, and implement an information security and protection program disclosure, or loss, no matter where along the chain it might originate
Regulated Party
US federal agencies that provide services or receive grant money
Enforcement Body
The Department of Homeland Security
Regulation
GDPR
Brief Overview
Governs businesses to protect those business's systems from any potential attacks, and to protect their consumers' data, with stricter rules surrounding the handling of personal data
Regulated Party
All organizations which target or collect personal data related to European Union residents
Enforcement Body
The European Commission, works with each EU Member State, and designates an independent public authority
Regulation
GLBA
Brief Overview
Governs companies that qualify as “financial institutions” to take several affirmative steps in order to prevent the unauthorized collection, use, and disclosure of NPI (Nonpublic Personal information)
Regulated Party
All businesses that are significantly engaged in providing financial products or services
Enforcement Body
The Federal trade commission (FTC)
Regulation
HIPAA
Brief Overview
A series of regulatory standards that outline the lawful use and disclosure of protected health information (PHI)
Regulated Party
All organizations that: receive payment for their services and transmit personal or health information for the purposes of treatment, operations, billing, or insurance coverage
Enforcement Body
The Department of Health and Human Services (HHS), Office for Civil Rights (OCR), the Centers for Medicare and Medicaid Services (CMS), the Federal Drug Administration (FDA), and the Federal Communications Commission (FCC)
Brief Overview
Helps organizations protect their information in a systematic and cost-effective manner in terms of confidentiality, integrity, and availability
Regulated Party
All organizations that store or manage data, IT-based, Health, Government, and public companies
Enforcement Body
The majority of global companies require their partners and vendors to meet these standards
Regulation
MIPSA
Brief Overview
Requires that every person that owns or licenses personal information about a resident of the Commonwealth must develop, implement, and maintain a comprehensive information security program
Regulated Party
All organizations processing information on Utah residents or doing business in Massachusetts
Enforcement Body
The office of the Attorney General (OAG)
Regulation
MOCPA
Brief Overview
Applies to processing the information on residents or doing business in Maryland or establishing a Workgroup on Online Consumer Personal Information Privacy
Regulated Party
All organizations processing information on residents or doing business in Maryland
Enforcement Body
The office of the Attorney General (OAG)
Regulation
NYDFS
Brief Overview
Ensures the safeguarding of sensitive customer data and to promote the integrity of the information technology systems of regulated entities to assess their cybersecurity risks and develop plans to address them proactively
Regulated Party
All insurance companies, banks, and other regulated financial services institutions — including agencies and branches of non-US banks licensed in New York
Enforcement Body
The New York State regulators at the Department of Financial Services
Regulation
NYPA
Brief Overview
Sets forth provisions for companies to manage personal data responsibly and lawfully. Like Europe’s GDPR, the NYPA includes lawful processing, consent, and individual rights to name a few
Regulated Party
All organizations processing information on residents or those doing business in New York
Enforcement Body
The office of the Attorney General (OAG)
Regulation
PCI DSS
Brief Overview
Protects credit, debit, and cash card transactions and prevent the misuse of cardholders' personal information
Regulated Party
Any business that accepts card payments, including seasonal or small businesses
Enforcement Body
Visa, Mastercard, AmEx, JCB, and Discover
Regulation
SOC2
Brief Overview
Helps companies determine whether their business partners and vendors can securely manage data and protect the interests and privacy of their clients
Regulated Party
All technology service providers or SaaS companies that store or handle client data
Enforcement Body
The majority of global companies require their partners and vendors to meet these standards
Regulation
SOX
Brief Overview
Lays out a set of requirements for annual audits to assess and protect shareholders in financial & IT public companies by securing their access controlling data management and preventing breaches and fraud. SOX describes a course of action to take in order to show evidence of accurate, secured financial reporting and it provides companies with a way of improving their data security whilst simultaneously helping to restore public confidence, reducing chances of falling victim to a data breach
Regulated Party
All publicly traded companies in the USA, as well as any wholly-owned subsidiaries and foreign companies that are both publicly traded and do business with the USA. Any accounting firms that are auditing companies bound by SOX compliance are also, by proxy, obliged to comply
Enforcement Body
The Securities and Exchange Commission (SEC)
Regulation
UCPA
Brief Overview
Gives consumers substantial control over their personal data, and emphasizes the privacy of children, in particular, providing tools to protect their privacy and control the usage of their personal data
Regulated Party
All businesses that process personal data and data rights for Utah citizens
Enforcement Body
The office of the Attorney General (OAG)
Regulation
VCDPA
Brief Overview
Enforces the consumer's right to opt-out of having personal data collected, processed, and sold, requiring companies and organizations to obtain prior consent from end-users if they collect or process sensitive personal data.
Regulated Party
All websites, companies, and organizations that do business in Virginia, or that produce products or services targeted to residents of Virginia
Enforcement Body
The office of the Attorney General (OAG)
crosschevron-down