Regulatory Compliance (HIPAA, SOX, GLBA)    

HIPAA

Are you in the healthcare industry and storing patient data electronically? The mandates in the Health Information Portability and Accountability Act (HIPAA) require you to (1) make daily backups, offsite and encrypted, to protect the privacy of patients and (2) ensure that this information is available anywhere the patient is being treated. That's where DataSafe - Online comes in!

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates that providers, health plans, clearinghouses, and their business associates establish appropriate administrative, technical and physical safeguards to protect the privacy and security of sensitive health information. HIPAA defines safeguards that must be used to protect confidential information. For example, safeguards must be in place to:

Protect data integrity
Address security incidents
Review records of information system activity, such as:
    Audit logs
    Access reports
    Security incidents

As a result, security information and event management (SIEM) plays a vital role in HIPAA compliance and is extremely visible and important under several Administrative Security and Technical Security Standards. Network Intelligence has mapped reports to help covered entities comply with HIPAA. The customized report package is available free of charge to all active customers on our customer support section.

HIPAA underscores Network Intelligence’s audit, alerting and reporting capabilities. By collecting and protecting all the data now, you will be ready for your next audit.
 

SOX:

The Sarbanes-Oxley Act of 2002 is considered to be one of the most significant changes to federal securities laws in the United States. Sarbanes-Oxley followed a wave of well-publicized corporate financial scandals which included Enron, Arthur Andersen, and WorldCom. Congress passed the Sarbanes-Oxley Act in large part to protect investors by improving the accuracy and reliability of corporate disclosures made pursuant to the securities laws. Among the most significant provisions within Sarbanes-Oxley are the criminal and civil penalties that place executive management and the board of directors in the “hot seat”. Specifically, under Section 404 of the Sarbanes-Oxley Act, executives need to certify and demonstrate that:


Files containing accounting information have not been compromised, and
All significant technical controls, including security authorizations and critical configuration files, have not been compromised.

What Should Your Organization Do?

Sarbanes-Oxley ushers in a new era of corporate governance and accountability. As a result, the vital role security information and event management (SIEM) plays in establishing and maintaining internal controls has never been greater. Companies should institute log monitoring and vulnerability assessments as a critical part of their IT internal control systems.

Both domestic and publicly-traded companies must comply with Sarbanes-Oxley. If you are a covered entity, you must have methods to maintain audit trails and to log possible alteration of electronic records. Network Intelligence has mapped best practices and reports to help organizations comply with audits under Sarbanes-Oxley Section 404. The customized Sarbanes-Oxley 404 report package is available free of charge to all active customers on our customer support section.

Sarbanes-Oxley underscores Network Intelligence’s audit, alerting and reporting capabilities. By collecting and protecting all the data now, you will be ready for your next audit.

 

FINANCIAL: GLBA

The Gramm-Leach-Bliley Act (GLBA) is a comprehensive law requiring financial institutions to protect the security, integrity, and confidentiality of consumer information. Historically, financial institutions have been more security conscious than other industries, but GLBA requires a higher level of security awareness and understanding.

GLBA affects an extremely wide range of organizations including banking institutions, insurance companies, securities firms, tax preparers, and credit card companies. All federally insured financial institutions must demonstrate enterprise-wide compliance by July 2002. After July 2002, the regulatory agencies will examine for full compliance on an ongoing basis.

Depending upon the financial institution’s supervisory authority, GLBA compliance audits are conducted by either the Office of the Comptroller of the Currency (OCC), the Federal Reserve System (Fed), the Federal Deposit Insurance Corporation (FDIC), or the Office of Thrift Supervision (OTS). Covered institutions must develop a risk-based information security program that includes the involvement of the board and senior management, a risk assessment of threats and vulnerabilities, effective risk management and controls, monitoring and adjusting, and board reporting.

As a result, security information and event management (SIEM) plays a vital role in GLBA. Network Intelligence has mapped reports to help covered entities comply with GLBA.

GLBA underscores Network Intelligence’s audit, alerting and reporting capabilities. By collecting and protecting all the data now, you will be ready for your next audit.
 

           E-mail: info@backupnation.com