What is Statutory Obligation?
A statutory obligation is a legal duty imposed on an individual or organization by a statute or law (e.g., HIPAA, SOX, or GLBA). Statutory obligations compel organizations to comply with specific rules, regulations, or standards under penalty of legal consequences such as fines, sanctions, or other enforcement actions.
Adherence to statutory obligations is not optional; non-compliance can result in:
- Legal liabilities;
- Reputational damage;
- Criminal prosecution; and/or
- Financial penalties.
Organizations typically assign responsibility for governing statutory obligations to their Governance, Risk and Compliance (GRC) function within the cybersecurity department. These statutory obligations often define the minimum mandatory requirements that shape the organization's policies, standards and procedures.