Question
Procurement leaders need to understand the metrics needed to measure compliance, develop a standardized policy, and bring in the tools and technology that make this process easier. In the source selection process, it is imperative that you have evaluation criteria in order to make the best decision for your organization. Often the supplier must hold a specific certification and/or adhere to specific laws (domestic and/or international) in order to meet the regulatory compliance obligations of your organization.
Some examples of these certifications, standards, frameworks and laws include ISO 27001, OWASP, ITIL, CSA 4.0, SOC, PCI DSS, HIPAA, GDPR, CIS 20, NIST 800-53, The Data Protection Act 2018 (UK), FCPA, SOX, GLB, The California Consumer Privacy Act of 2018 (CCPA), etc.
Each of these is designed to instill trust with clients by ensuring controls are in place and their data are protected. If you look at their principles, they each cover important dimensions of securing information, such as confidentiality, integrity and availability.
- Compare and contrast any two (2) of the certifications, standards, frameworks or laws identified above.
- Be specific in your assessment by ensuring you include who, what, where, when, why and how you would use each within your specific organization.
- Use an example from either your organization or leveraging information available on the Internet. Be sure to cite anything used from the Internet.

I just need an answer for the 3rd question.