The organization should ensure that the data center meets the requirements of national and local laws, codes, standards and (industry) regulations (e.g. PCI-DSS, HIPAA). In addition to this the organizations should consider other standards and best practices based on principles of good governance or customer demand and requirements defined in the SLA.
Policies and procedures
The organization should establish and implement company policies and procedures that covers both regulatory requirements as well as the internal compliance policies requirements.
The organization should establish procedures to ensure that it keeps up-to-date with changing laws that potentially affect the organization. The procedures should ensure that reports are prepared to be presented to the upper management detailing the (changed) laws, risk (e.g. regulatory, compliance, financial, etc.) and recommended actions the company should take to ensure compliance.
