Standards & Compliance

Industry standards, data privacy regulations, and compliance frameworks.

Components

IATA Standards

Aviation industry standards:

NDC (New Distribution Capability)
ONE Order
SSIM (Standard Schedules)
BCBP (Bar Coded Boarding Pass)
BSP/ARC settlement
Baggage messaging

Data Privacy

Privacy regulations:

GDPR (EU)
CCPA (California)
PII handling
Data retention
Subject access requests

Compliance

Security and regulatory compliance:

PCI-DSS
SOC 2
Aviation security
Accessibility (ADA, WCAG)

Standards Overview

IATA Technical Standards

Standard	Purpose	Version
NDC	Distribution	21.3
ONE Order	Order management	Resolution 797
SSIM	Schedule exchange	Chapter 7
BCBP	Boarding passes	Resolution 792 v8
PADIS	Reservation messaging	EDIFACT
BagMessage	Baggage tracking	RP 1745

Regulatory Frameworks

Regulation	Jurisdiction	Focus
GDPR	EU	Data privacy
CCPA	California	Consumer privacy
PCI-DSS	Global	Payment security
DOT	US	Consumer protection
EU261	EU	Passenger rights
SOC 2	Global	Security controls

Compliance Matrix

┌────────────────────────────────────────────────────────┐
│                  Compliance Requirements               │
├────────────────┬─────────┬─────────┬─────────┬────────┤
│ System         │ PCI-DSS │  GDPR   │  SOC 2  │  DOT   │
├────────────────┼─────────┼─────────┼─────────┼────────┤
│ Booking Engine │    ●    │    ●    │    ●    │   ●    │
│ Payment System │    ●    │    ●    │    ●    │        │
│ Customer Data  │         │    ●    │    ●    │        │
│ Operations     │         │    ●    │    ●    │   ●    │
│ Analytics      │         │    ●    │    ●    │        │
└────────────────┴─────────┴─────────┴─────────┴────────┘
● = Applicable

Implementation Approach

Identify: Map applicable standards per system
Gap Analysis: Assess current state vs. requirements
Remediate: Address gaps with technical controls
Document: Maintain evidence and policies
Audit: Regular assessment and certification
Monitor: Continuous compliance monitoring