What is Statutory Requirement?

A statutory requirement refers to a legal duty imposed on an individual or organization by a statute or law (e.g., HIPAA, SOX, GLBA, etc.). A statutory requirement compels an organization to comply with specific rules, regulations, or standards under penalty of legal consequences such as fines, sanctions, or other enforcement actions.

Adherence to a statutory requirement is not optional; non-compliance can result in:

  • Lawsuits;
  • Reputational damage;
  • Criminal prosecution; and/or
  • Financial penalties.

Organizations typically assign responsibility for governing statutory obligations to their Governance, Risk and Compliance (GRC) function within the cybersecurity department. These statutory requirements often define the minimum mandatory requirements that help shape the organization’s policies, standards and procedures.