Compliance, backup, and recovery
Compliance with the ever-increasing array of legislative mandates presents a burden to management and IT staff alike. If you're in financial services, you are bound by Gramm-Leach-Bliley; in health care, by HIPAA; or if you're a publicly held corporation, Sarbanes-Oxley. If you process credit card payments, there are PCI-DSS rules to consider.
In addition, there are state regulations that transcend the state, such as California's SB 1386 (California Information Practice Act). Although this is a California state law, it has become a de facto nationwide practice because of its scope. Any company that maintains any information about a resident of California, whether the company is in California or not, must comply, and as a result, almost every midsize to large company falls under its purview.
SB 1386 requires policies and procedures to be put in place to ensure that personal data is safe from outside attack, and in addition, requires a procedure for creating a public notification if such an attack does occur. Although it applies only to California residents, as a practical matter, a company complying with SB1386 would offer the same safeguards to all data for all customers, California resident or not. The goal of a company complying with this regulation is to focus more on the first requirement (prevention), so that the second requirement (public notification) is not required.
Although specific technology is not stated in the legislation, two key principles relating to backup and recovery systems would be ensuring the integrity of the stored data, and imposing authentication and authorization controls over the stored data.
In the healthcare business, HIPAA is one of the most far-reaching pieces of legislation that has had a major impact throughout the entire industry. Meant as legislation to improve the efficiency of the healthcare system, it also minimizes the incidence of fraud and protects the privacy of patient data. Several pieces of technology throughout the enterprise will be touched by HIPAA, most notably storage and backup, since HIPAA mandates access controls over sensitive data.
Gramm-Leach-Bliley imposes similar controls over personal data as it relates to financial institutions, setting out technological requirements to protect the personal information of the financial institutions' clients.
Sarbanes-Oxley, on the other hand, deals with financial data instead of client data, but it also imposes the same mandates that call for strict security controls over stored information. Section 404 of Sarbanes-Oxley is the part that deals specifically with "internal controls," which sets out a broad requirement for internal security, including the concepts of authentication, authorization, and encryption, as well as auditing capabilities, over stored financial data.
Chances are, if you're any larger than a mom 'n' pop operation, you are under the purview of one of these regulations, even if you don't realize it. In many instances, it may not even be readily apparent: if you are a contractor or supplier to a company that falls under one of these compliance mandates, chances are that you, too, will have to comply, for the sake of your client.