Sarbanes Oxley is one federal regulated body that may be mandated under your current employer. Usually SOX is only required of those companies that have public stockholders. If this is not the case then I would recommend reviewing the GLB Act. If your company holds any personal information (which most financial institutions do) about thier clients, then this document may help solidify your position, GLB Act Section 501-504 specifically.

All the suggestions here are right on and would meet your requirements based on the GLB Act. I just finished up an external audit and having these pieces in place went a long way to making the auditors happy.

Good Luck