Security laws, regulations and guidelines directory

By CSO staff, CSO |  Security, privacy, regulation

* Facilities Design, Connections and Maintenance

* Interchange Scheduling and Coordination

* Modeling, Data and Analysis

* Nuclear

* Personnel Performance, Training and Qualifications

* Protection and Control

* Transmission Operations

* Transmission Planning

* Voltage and Reactive

Source: NERC

Title 21 of the Code of Federal Regulations, Part 11 (21 CFR Part 11): Electronic Records; Electronic Signatures

What it covers: Part 11, as it is commonly called, was issued in 1997 and is enforced by the U.S. Food and Drug Administration (FDA). It sets the criteria under which electronic records and electronic signatures are considered trustworthy, reliable and equivalent to paper records and handwritten signatures.

Who is affected: All FDA-regulated organizations that use computerized systems for regulated activities, whether located in the U.S. or abroad.

Link to the law: http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/cfrsearch.cfm?cf...

With 2010 amendments: http://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfcfr/CFRSearch.cfm?CF....

Key requirements/provisions: Part 11 has 19 requirements, the most important of which include:

* Validation of new and existing computerized systems.

* Secure retention of electronic records and their accurate and ready retrieval throughout the retention period.

* User-independent, computer-generated, time-stamped audit trails that record the date and time of operator entries and actions, without obscuring previously recorded information.

* System and data security, data integrity and confidentiality, enforced by limiting system and record access to authorized individuals.

* Use of secure electronic signatures for closed and open systems.

* Additional measures for open systems, such as document encryption and appropriate digital signature standards.

* Use of operational system checks to enforce permitted sequencing of steps and events.

* Use of device checks to determine the validity of the source of data input or operational instruction.

* Determination that the people who develop, maintain or use electronic systems have the education, training and experience to perform their assigned tasks.

Source: LabCompliance
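The audit-trail requirement above is the one most often implemented in software, and "computer-generated, user-independent, does not obscure previously recorded information" translates into concrete design choices. As an added illustration that is not part of the CSO article or of any FDA guidance, the following Python sketch shows one way to meet those properties: entries are timestamped by the system clock rather than the caller, keep the old value beside the new one, and are hash-chained so that editing, deleting or reordering any entry is detectable on verification. All names, the sample records and the timestamps are constructed for the example.

```python
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Fixed starting value for the chain (a convention of this example, not a standard).
GENESIS_HASH = "0" * 64


def _canonical(entry):
    # Deterministic serialisation so the same entry always hashes the same way.
    return json.dumps(entry, sort_keys=True, separators=(",", ":")).encode("utf-8")


def _link_hash(prev_hash, entry_without_hash):
    # Each entry's hash covers the previous entry's hash, so editing, removing or
    # reordering any earlier entry changes every hash after it.
    return hashlib.sha256(prev_hash.encode("ascii") + _canonical(entry_without_hash)).hexdigest()


class AuditTrail:
    """Append-only, computer-generated, time-stamped audit trail.

    The application calls record(); it cannot choose the timestamp, edit an
    entry afterwards, or delete one through this API. Previous values are kept
    alongside new ones so a change never obscures what was recorded before.
    """

    def __init__(self, clock=None):
        self._entries = []
        # Clock is injectable for tests; in production use the system clock in UTC.
        self._clock = clock or (lambda: datetime.now(timezone.utc).isoformat())

    def record(self, user_id, action, record_id, old_value, new_value):
        prev_hash = self._entries[-1]["hash"] if self._entries else GENESIS_HASH
        entry = {
            "seq": len(self._entries),
            "timestamp": self._clock(),  # system-generated, not supplied by the caller
            "user_id": user_id,
            "action": action,
            "record_id": record_id,
            "old_value": old_value,
            "new_value": new_value,
        }
        entry["hash"] = _link_hash(prev_hash, entry)
        self._entries.append(entry)
        return entry["hash"]

    def export(self):
        # Copies, so a caller holding the export cannot mutate the trail itself.
        return [dict(e) for e in self._entries]


def verify_trail(entries):
    """Return (True, n) if all n entries chain correctly, otherwise (False, index)
    of the first entry whose sequence or hash does not match, i.e. where tampering starts."""
    prev_hash = GENESIS_HASH
    for i, entry in enumerate(entries):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("seq") != i:  # a removed or reordered entry shows up here
            return False, i
        expected = _link_hash(prev_hash, body)
        if not hmac.compare_digest(expected, entry.get("hash", "")):
            return False, i
        prev_hash = entry["hash"]
    return True, len(entries)


def demo():
    # Constructed sample data (hypothetical users, record IDs and timestamps).
    ticks = iter(["2024-01-05T09:00:00+00:00",
                  "2024-01-05T09:05:00+00:00",
                  "2024-01-05T09:07:00+00:00"])
    trail = AuditTrail(clock=lambda: next(ticks))
    trail.record("analyst1", "create", "batch-42", None, {"assay": "pending"})
    trail.record("analyst1", "update", "batch-42", {"assay": "pending"}, {"assay": 98.2})
    trail.record("qa_reviewer", "approve", "batch-42", {"assay": 98.2},
                 {"assay": 98.2, "status": "released"})
    intact = verify_trail(trail.export())

    tampered = trail.export()
    tampered[1]["new_value"] = {"assay": 99.9}  # quietly "fix" a result after the fact
    edited = verify_trail(tampered)

    truncated = trail.export()
    del truncated[1]  # drop the inconvenient entry entirely
    deleted = verify_trail(truncated)
    return intact, edited, deleted


if __name__ == "__main__":
    print(demo())  # ((True, 3), (False, 1), (False, 1))
```

The chain only proves that the exported entries have not been altered since they were written; it does not by itself stop an administrator with write access to the store from rewriting the whole chain. In practice the head hash is periodically copied somewhere the application owner cannot write (a write-once log, a separate signing service, or a printed batch record), which is what makes the trail "user-independent" in the Part 11 sense.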

Health Insurance Portability and Accountability Act (HIPAA)

What it covers: Enacted in 1996, HIPAA is intended to improve the efficiency and effectiveness of the health care system. To that end it requires the adoption of national standards for electronic health care transactions and code sets, as well as unique health identifiers for providers, health insurance plans and employers. The Privacy Rule and Security Rule issued under HIPAA's Administrative Simplification provisions govern the use and disclosure of protected health information (PHI) and the administrative, physical and technical safeguards required for electronic PHI; these are the parts security teams deal with most.

(Note: HIPAA's requirements are significantly updated by the HITECH Act; see the next entry.)

More about HIPAA

* Managing HIPAA's pain

* Providence Health's CISO on recovering from HIPAA violations


Originally published on CSO |  Click here to read the original story.