Don't let compliance hinder your growth
Published: 31 Oct 2005 18:35 GMT
...about what you need to do in order to comply from legal counsel, not from salespeople who have a commission at stake.
One problem is that the statutes tend to be somewhat vague in terms of exactly what you're required to do. For example, in the US the Safeguards rule of the Gramm-Leach-Bliley (GLB) Act requires financial institutions to "identify risks to customer information and assess existing safeguards, implement safeguards that are needed to fill any gaps, and monitor the effectiveness of all safeguards".
It would be far simpler if requirements spelled out exactly what technological safeguards are to be implemented (for example, that all customer information stored on systems that are accessible via the network must be encrypted). However, you can see why that's not possible: technology changes at a rapid pace and new methods of intrusion and attack are developed on a daily basis. Even a simple requirement that data "be encrypted" doesn't ensure that it's secure if the encryption is a type that's easily cracked. For example, sending customer information across a wireless network could still subject it to interception and disclosure even if WEP encryption is used, because of WEP's known vulnerabilities.
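To make the WEP point concrete, here is an added example (not code from the article) modelling the keystream-reuse weakness in WEP: RC4 is seeded with a 24-bit initialisation vector that travels in the clear, prepended to the shared key, so any two frames sent under the same IV are encrypted with the same keystream, and XOR-ing their ciphertexts cancels it out. The 40-bit key, the IV and the two messages are constructed for the demonstration, and the CRC-32 integrity value and real 802.11 framing are omitted.

```python
# Added example (not from the article): minimal model of WEP keystream reuse.
# WEP seeds RC4 with IV (3 bytes, sent in clear) || shared key, so frames that
# share an IV share the keystream. ICV and 802.11 framing omitted; all inputs
# below are constructed for this demonstration.

IV_BITS = 24  # length of the WEP IV


def rc4_keystream(key: bytes, length: int) -> bytes:
    """Generate `length` bytes of RC4 keystream for `key` (KSA then PRGA)."""
    s = list(range(256))
    j = 0
    for i in range(256):                       # key-scheduling algorithm
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for _ in range(length):                    # pseudo-random generation
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two byte strings, truncated to the shorter one."""
    return bytes(x ^ y for x, y in zip(a, b))


def wep_encrypt(shared_key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """Return IV || RC4_{IV||key}(plaintext), as a WEP frame body carries it."""
    if len(iv) != IV_BITS // 8:
        raise ValueError("WEP IV must be 3 bytes")
    keystream = rc4_keystream(iv + shared_key, len(plaintext))
    return iv + xor_bytes(plaintext, keystream)


def recover_via_iv_reuse(frame_a: bytes, known_plain_a: bytes, frame_b: bytes) -> bytes:
    """Given frame A with known plaintext and frame B under the same IV, recover
    B's plaintext (up to the length of the known text) without knowing the key."""
    iv_a, ct_a = frame_a[:3], frame_a[3:]
    iv_b, ct_b = frame_b[:3], frame_b[3:]
    if iv_a != iv_b:
        raise ValueError("frames use different IVs; their keystreams differ")
    keystream = xor_bytes(ct_a, known_plain_a)      # C_a XOR P_a = keystream
    return xor_bytes(ct_b, keystream)               # C_b XOR keystream = P_b


def iv_collision_probability(n_frames: int, iv_bits: int = IV_BITS) -> float:
    """Birthday-bound probability that at least two of n random IVs collide."""
    space = 2 ** iv_bits
    p_no_collision = 1.0
    for k in range(n_frames):
        p_no_collision *= (space - k) / space
    return 1.0 - p_no_collision


if __name__ == "__main__":
    key = bytes.fromhex("0102030405")            # constructed 40-bit WEP key
    iv = bytes.fromhex("a1b2c3")                 # the same IV on both frames
    plain_a = b"GET /account HTTP/1.1\r\n"      # attacker can guess this one
    plain_b = b"card=4111111111111111\r\n"      # constructed customer data
    frame_a = wep_encrypt(key, iv, plain_a)
    frame_b = wep_encrypt(key, iv, plain_b)
    print(recover_via_iv_reuse(frame_a, plain_a, frame_b))
    print(f"P(IV reuse within 5000 random IVs) = {iv_collision_probability(5000):.2f}")
```

The collision figure is the optimistic case of randomly chosen IVs; many WEP implementations used a counter that restarted at zero on reboot, which makes reuse far more frequent than the birthday bound suggests. Either way, the attacker never touches the key: the requirement "be encrypted" was met and the customer data still leaked.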
Some regulations, such as the Health Insurance Portability and Accountability Act (HIPAA), are so complex that they've spawned fat books and certification courses. Others, such as Sarbanes-Oxley (SOX), are relatively new, and compliance can be extremely expensive, especially for smaller companies.
In most cases, regulations require that the company appoint a person or team to be responsible for compliance. Even when that's not the case you should do so and ensure that the selected person or people get the proper training in the specific regulations that apply to your firm.
Selecting a solution
The first step in planning your solution is to recognise that compliance involves more than software; compliance can significantly affect the way you do business. Any security plan, whether it's implemented because of government regulations or not, starts with the development of policies.
Next, you need to assess...