Governments have introduced laws and legislations that require organizations to adhere to regulations, standards, and operating practices regarding the use and exchange of information.

Standards certifications and compliance audits (such as for Sarbanes-
Oxley) are sought after by both public and private organizations.
Information security policy audits are required to generate metrics on security compliance for senior management. Legislative restrictions or compliance requirements can affect healthcare professionals, financial institutions, and multinational enterprises.

SSO Certified Information Systems Auditors (CISA) and Certified Fraud Examiners (CFE) lead the compliance teams to prepare organizations for information systems audits, identify areas where improvements may be necessary, generate audit criteria and perform standards audits such as Sarbanes-Oxley, HIPAA, PIPED-A, ISO 13335 and ISO 17799.