IT Governance & Compliance

What is IT Governance & Compliance?
IT Governance and Compliance involves the ability to store and retrieve data so that businesses can adhere to various laws and regulations such as SOX, HIPAA, PCI, SEC rules and more. One common thread among these regulations is the need to preserve and protect private information. Nearly all of the laws have provisions for privacy protections that apply to storage as well as to network security.



Do you need IT Governance & Compliance?

Do you have a business need, requirement, or challenge to:
  • Retain all company records pertaining to transactions, financial reporting, compliance, privacy protection, investor and shareholder interests for extended periods of time?
  • Retain unstructured data, such as email, IM, blogs, voice mail?
  • Preserve original documents and databases intact?
  • Certify original documents are uncompromised?
  • Assure every piece of data, documents or evidence is retrieved for litigation discovery or defense?
  • Retrieve all data and documents pertaining to a request within 48 hours?
  • Be prepared to restore systems and data within a day or two in the event of disaster or interruption?
  • Comply with one or more regulations or contracts?
  • Audit your IT systems regularly?
  • Serve customers in California, Arkansas, Connecticut, Florida, Georgia, Illinois, Indiana, Minnesota, Texas or Washington?
  • Do business with a company subject to Sarbanes-Oxley?
If you have any of the above business requirements, you need IT Governance.


What laws and regulations might my business need to adhere to?

The Health Insurance Portability and Accountability Act (HIPAA)
Requires health care providers and payers (insurance companies) and their third-party providers to employ stringent administrative, physical and technical safeguards to protect patients' medical information. These safeguards include the hardware and software that process that information. The Act covers information used and stored by hospitals, physicians, pharmacies and other medical facilities, their third-party providers and the systems that touch the patient information.

Gramm-Leach-Bliley Act, GLBA
The financial industry's law to protect confidential customer information. Penalties for violating GLBA range from fines to substantial liabilities for top executives including $100,000 per incident and up to 5 years imprisonment.

California and other states
Have statutes compelling companies holding information about their state's residents - and the business partners of those companies - to utilize and maintain reasonable security procedures and practices to protect that information. Companion state laws require that any breach of private information be disclosed, subjecting the companies to class actions and liability for civil damages.

The Sarbanes-Oxley Act
Requires preservation of the integrity, accuracy and timeliness of information that goes into financial reporting. Additionally, companies doing business with public entities must certify to the effectiveness of their processes and controls as they relate to the security and storage of information and systems that feed into the reporting company's financials.

The Payment Card Industry Data Security Standard, PCI DSS
Mandates that any company accepting payment by credit card have controls in place to protect customers' private information. A company can lose its right to accept credit cards and be fined $500,000 per incident for a violation.

Even the courts have engaged in regulating business. The Federal Rules of Civil Procedure, enacted on December 1, 2006, stipulate that businesses must be able to quickly find any electronically stored information when requested to do so by a federal court. Technology changes are required for storing and retrieving electronic data and documents - including unstructured information such as email, IM, blogs and voice mail (both digital and analog).

FOIA
The Freedom of Information Act protects individuals' information from being released to the public, unless a special application is made and granted by the Federal agency holding the information.

FISMA
The Federal Information Security Management Act of 2002 promotes and reinforces computer and network security within the federal government and related entities (government contractors). The NIST SP 800 series sets the standard for network and computer security.

Gramm Leach Bliley Act
The HIPAA for the banking and finance industries. The Act mandates safety and security measures to assure the privacy of individuals' information given to banks and other financial institutions.

FRCP
The Federal Rules of Civil Procedure, amended December 2006. Any company suing or being sued has to provide evidence requested by the Court within 48 hours. If the information is not provided in that time, Courts have instructed juries to consider the information detrimental to the case of the party who did not comply.

Gaining in importance are the various State laws protecting the privacy and data of their citizens. Most prominent is the California Database Protection Act. Any company or business with a customer residing in California must use and maintain security procedures and practices to protect that customer's information.


How can Zones help me with my IT Governance & Compliance needs?

  • Backup
  • Retention
  • Retrieval
  • Recovery
  • Data archiving
  • Records management
  • Business continuity
  • Disaster recovery
Email Management & Storage
As much as 70% of corporate intellectual property is stored within the messaging system. Email is mission critical, and email servers are often treated as corporate intelligence repositories - a role for which they were not designed. The sheer volume of email exchanged among enterprises is staggering. The amount of storage needed for email is expected to rise to 21.4 MB per user, per day by 2010.


If you need help building the right solution, contact our Network Storage Specialists or call your Zones Account Executive.
