This library offers a collection of information and resources specifically focused on computer security, data destruction, document life-cycle solutions, compliance and password management. All resources are available to post and distribute on your website, forums, blogs and other compilations, with the strict stipulation that these works must be published in their entirety, with full credit and notice given to their origin and copyright. You may also link directly to these items. Please contact us if you have any questions regarding re-publication or distribution.

Our goal is to develop a comprehensive security portal. We welcome your suggestions and will work hard to include information you may require. This project is in constant development, and your suggestions for additional content are very much appreciated.

We invite relevant, on-topic submissions for inclusion. If you are interested in submitting papers, audiocasts or other media, please contact us. We will also consider the exchange of links as applicable.

Articles

Legal Requirements to Delete EU Personal Data by James M. Jordan
This paper, prepared by the former Chief Privacy Leader and Senior Counsel for E-Commerce & Information Technology of General Electric Company, is required reading for those assigned the stewardship of European-based personal data and records.

Data Destruction and Document Life Cycle Policies:
Considerations for Compliance with Federal Mandates and Acts

A perspective on electronic data retention and how it relates to compliance with federal and state regulations such as Sarbanes-Oxley (SOX), HIPAA, FACTA, Gramm-Leach-Bliley (GLBA) and others.

The Seven Sins of Degaussing
Degaussing a hard drive is a procedure that utilizes a machine to produce strong electromagnetic fields that destroy magnetic data on a disk. While many are initially impressed with the speed of this process, there are serious disadvantages to degaussing.

Security Issues with Decommissioning Magnetic Media
This document describes practical considerations of taking magnetic media out of useful service or transferring such media to other departments or organizations. After raising awareness of the security, business and legal concerns, it evaluates the available techniques so that readers can assess their options. Finally, the cyberCide™ product is presented as a cost-effective solution to address these risks.

Legal and Regulatory Violations Caused by Not Destroying Data Before Discarding
A comprehensive chart referencing various types of data and the acts and regulations they are subject to. An essential resource for compliance.

Practical Uses of CyberScrub Technology to Ensure the Secure Deletion of Data
This paper touches briefly on the practical applications of deploying CyberScrub products and technology to 1) wipe free and slack space on hard drives and 2) effect the transparent secure erasure of selected files and folders through standard keyboard interaction.

Audiocasts/Podcasts

AUDIOCAST/PODCAST
Listen to this informative talk by noted attorney and Ziff Davis Security Virtual Tradeshow panelist Jon Neiditz. Topics include the implications of data destruction in reference to federal compliance acts and policies.

Government Reports

PRIVACY: Domestic and Offshore Outsourcing of Personal Information in Medicare, Medicaid, and TRICARE
More than 40 percent of health insurance contractors and state Medicaid agencies experienced a breach involving protected health information (PHI) within the last 24 months, according to a new Government Accountability Office (GAO) report.

Gramm-Leach-Bliley Act Headlines

Live Webcast: Tips and Tricks for Jumpstarting Your Compliance Project
Protecting your data is enough of a headache without having to keep up with regulations and quickly prove compliance during audits. On top of that, not complying risks fines, unwanted press, and loss of business. Join this live TechRepublic Webcast, featuring Sophos compliance expert John Metzger, to understand more about the regulation challenge, and identify technologies and best practices to help you protect data and be compliant. You'll learn about:
- The compliance challenge
- Most common regulations
- Compliance technologies
- 10 best practices for achieving compliance
Register now for this interactive Webcast; you'll leave with several tips and tricks to jumpstart your compliance project.

The state of privacy and data security compliance
With new privacy and data security regulations increasing, organizations are asking questions. Do the new regulations help or hinder the ability to protect sensitive and confidential information? With these new regulations on the march, how can you remain competitive in the global marketplace? This report provides answers and examines how compliance efforts can impact a company's bottom line.

Harmonizing Controls to Reduce Your Cost of Compliance
Mounting regulations across the globe have increased the cost and burden on organizations. The high cost is especially felt by organizations which must adhere to multiple requirements - 75 percent of organizations must comply with two or more regulations and corresponding audits and more than 40 percent must comply with three or more regulations. Audit preparation typically occurs in functional silos, with different project teams focused on addressing an individual compliance initiative, resulting in significant operational inefficiencies and higher costs to demonstrate compliance. This webinar examines the Unified Compliance Framework and how it can be leveraged to harmonize controls across multiple regulations such as PCI, SOX, HIPAA, NERC and many others. Learn how to eliminate overlapping control requirements and ensure a more efficient and less costly approach to compliance.

Endpoint Security Considerations for Achieving GLBA Compliance
Rebooting the global financial system may take years. The international move to new regulatory organizations will require financial institutions to change the way they do business. No one knows exactly how the system will change yet, but one thing is certain: financial institutions will be required to protect the security and confidentiality of customer information. The Gramm-Leach-Bliley Act (GLBA) of 1999 (P.L. 106-102) defines guidelines and standards for safeguarding customer information. These rules apply to all financial institutions doing business in the U.S. New laws and financial regulations for the coming reboot may change GLBA, but increasing threats to customer data will only guarantee tighter security requirements.

GLBA Compliance Requires That Leaks Be Sealed
Financial institutions must protect customer privacy and adhere to regulatory requirements. The Gramm-Leach-Bliley Act of 1999 (GLBA) restricts the sharing of private customer data; even the accidental loss of sensitive information can trigger profound consequences. Not just limited to banks, GLBA applies broadly to the financial community. It affects financial institutions such as non-bank mortgage lenders, insurance companies and investment advisors. In addition to formulating a privacy policy, financial institutions must implement "Administrative, technical and physical safeguards", according to the Federal Trade Commission.

Basel II Compliance With Tripwire: Configuration Control for Virtual and Physical Infrastructures
As if financial institutions did not have enough compliance worries, a new international standard, Basel II, now looms on the compliance horizon. Unlike other laws and standards affecting financial institutions in the US and overseas, such as the Gramm-Leach-Bliley Act ("GLBA"), the EU Data Protection Directive and the PCI Data Security Standard, the ramifications of this framework extend beyond protection of electronic consumer data. Instead, Basel II focuses on the institution's core functions of evaluating, planning for, and disclosing financial risk.

Achieving Federal Desktop Core Configuration Compliance (FDCC) with Lumension® Solutions
The Federal Desktop Core Configuration (FDCC) is an Office of Management and Budget (OMB) mandated security configuration set applicable within United States Federal Government agencies. Private enterprises may also choose to utilize this established framework as a foundation for their own security configuration baselines. All federal agencies that utilize or plan an upgrade to either Windows XP or Vista must report compliance, with FDCC reporting requirements dictated by the standard FISMA reporting guidance. The FDCC specific configuration requirements are generally based on the "Principle of Least Privilege" restricting user and machine rights. This whitepaper examines the FDCC requirements, the compliance challenges including vulnerability management, change control, and system security management and also highlights how Lumension's SCAP Validated FDCC scanner is integrated with a complete vulnerability management solution to effectively enable compliance with these standards.

Improve Performance, Reduce Data Growth Costs - Archiving ERP Applications
View this Webcast to find out from the experts how effective application archiving can help you manage your production database, control data growth, and ultimately improve your bottom line. You'll learn to:
- Improve performance of the production environment
- Archive or purge inactive transactional data automatically to an online database or offline flat file
- Maintain complete application integrity
- Comply with data retention regulations
- Reduce application storage footprint
- Enable accessibility to archived data
- Further your bottom-line savings with application retirement

Developing a Sustainable IT Compliance Program
Today's IT compliance environment is becoming increasingly complex, driven by pressures in both the legislative environment and in technology itself. The legislative environment around IT is extremely complicated and changing rapidly. Companies must now respond to legislation at the state, national, and international levels, environments which are complex and often contradictory. At the same time, the legal penalties for non-compliance and data breaches are skyrocketing. New technology trends are simultaneously increasing the complexity of the computing environment, making compliance more difficult and issues more nebulous. Read this ExecBlueprint, featuring insights from three top compliance attorneys, to see why IT leaders must partner with their peers throughout the organization to create a complete compliance program that is robust and sensitive to the forces continually shaping the landscape.

Dynamic Warehousing for Banking Buyer's Guide: A comprehensive solution for leveraging data in today's financial industry
Most organizations realize that the key to success lies in how well they manage data—and the banking industry is no exception. From customer statistics to strategic plans to employee communications, financial institutions are constantly juggling endless types of information. Not only does this data provide the basis for major corporate moves, it also impacts business on a more granular level by helping to maintain customer loyalty and improve staff productivity. Simply put, a bank's information is its lifeline. That's why it's critical for financial institutions to be able to access relevant data when it's needed most.

Privilege Access Control For Compliance with Gramm-Leach-Bliley Act (GLBA)
Symark PowerBroker enables IT compliance with the Gramm-Leach-Bliley Act by protecting consumers' non-public personal information on UNIX and Linux systems. Gartner's paper on the importance of controlling UNIX superuser privileges is reviewed to explain the security gap between UNIX operating system design and GLBA compliance. PowerBroker bridges that gap, securing private consumer information through privilege delegation, encryption, and accountability.

Passing Compliance Audits in Heterogeneous UNIX/Linux Datacenters
Native UNIX/Linux operating systems lack fine-grained privilege controls: the root account is all-or-nothing, so administrators routinely share access to privileged accounts, and without least-privilege access control accountability is nearly impossible. That gap keeps these systems from passing today's compliance audits. Symark Software's PowerBroker enables IT departments to bring these systems into compliance with multiple mandates such as PCI DSS, SOX, HIPAA and GLBA by creating RBAC-like access control that simplifies and lowers the cost of security administration across heterogeneous platforms.
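The two accountability gaps named above, shared superuser accounts and blanket privilege grants, are easy to check for before an auditor does. The following is an added example written for this page; it is not code from the page, from Symark or from any product it describes. It audits passwd and sudoers text using only the standard library. The account names, group names and file contents are constructed sample data, and the hypothetical "good" rule shows what a least-privilege grant looks like beside the "bad" one.

```python
"""Audit UNIX/Linux accounts and sudo rules for shared root and blanket grants.

Added example, not part of the original page or any vendor's product.
SAMPLE_PASSWD and SAMPLE_SUDOERS are constructed test data; the user and
group names in them are hypothetical.
"""
import re
from dataclasses import dataclass

# Constructed /etc/passwd: "ops" is a second UID 0 account (shared root).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
ops:x:0:0:shared ops account:/home/ops:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
dbadmin:x:1003:1003:DB admin:/home/dbadmin:/bin/bash
"""

# Constructed sudoers: a blanket NOPASSWD grant, a blanket grant that at
# least requires a password, and a least-privilege grant (one user, one
# target account, one command, password required).
SAMPLE_SUDOERS = """\
Defaults log_output
Defaults logfile=/var/log/sudo.log
# bad: unrestricted, unauthenticated root for a whole group
%ops ALL=(ALL) NOPASSWD: ALL
# good: named user, one run-as account, one command
dbadmin ALL=(postgres) /usr/bin/pg_dump
# still too broad, but authenticated and attributable
alice ALL=(ALL) ALL
"""


@dataclass
class Finding:
    severity: str
    subject: str
    detail: str


def shared_uid0_accounts(passwd_text: str) -> list:
    """Return account names other than 'root' that carry UID 0."""
    names = []
    for line in passwd_text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) >= 3 and fields[2] == "0" and fields[0] != "root":
            names.append(fields[0])
    return names


# who  host = (runas) [TAG: ...] command-list   (simplified sudoers grammar)
SUDO_RULE = re.compile(
    r"^(?P<who>\S+)\s+(?P<host>\S+)\s*=\s*(?:\((?P<runas>[^)]*)\))?\s*"
    r"(?P<tags>(?:\w+:\s*)*)(?P<cmds>.+)$"
)


def blanket_sudo_grants(sudoers_text: str) -> list:
    """Return (who, nopasswd) for rules granting ALL commands as any user."""
    grants = []
    for line in sudoers_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        m = SUDO_RULE.match(line)
        if not m:
            continue
        cmds = m.group("cmds").strip()
        runas = (m.group("runas") or "").strip()
        if cmds == "ALL" and runas in ("", "ALL"):
            grants.append((m.group("who"), "NOPASSWD" in (m.group("tags") or "")))
    return grants


def audit(passwd_text: str, sudoers_text: str) -> list:
    """Combine both checks into a list of Finding records."""
    findings = []
    for name in shared_uid0_accounts(passwd_text):
        findings.append(Finding("high", name,
                                "second UID 0 account: actions indistinguishable from root"))
    for who, nopasswd in blanket_sudo_grants(sudoers_text):
        if nopasswd:
            findings.append(Finding("high", who, "ALL commands as any user, no password"))
        else:
            findings.append(Finding("medium", who,
                                    "ALL commands as any user; restrict to needed commands"))
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_PASSWD, SAMPLE_SUDOERS):
        print(f"{f.severity:6} {f.subject:10} {f.detail}")
```

On a real host, feed it the contents of /etc/passwd and the output of `visudo -c -f` or `sudo -l` for each user; the regex covers the common one-line rule form and deliberately ignores aliases, so treat a rule it does not match as something to read by hand rather than as clean.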

Getting in Compliance with Government Data Regulations by Leveraging Online Security Technology
Concerned your site is not in compliance with serious data regulations? Be sure to stay on top of regulations such as PCI, HIPAA, Sarbanes-Oxley, FISMA and others which help keep your customers safe. Learn about these regulations and how to comply with them when you read this free white paper, "Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology."

iSeminar: Meeting the Challenges of Compliance
This Internet seminar explores the compliance issues facing midsize organizations and how Oracle solutions can resolve them affordably and efficiently.

Identity Management for Midsize Businesses: Reducing Costs, Securing Data and Ensuring Compliance
This whitepaper highlights the unique needs of midsize businesses and explores the factors driving them toward stronger identity management platforms, such as Oracle Identity Management.

Sarbanes-Oxley Headlines

Establish operational resilience across your financial institution with change management tools from IBM
More than ever before, banks need sophisticated tools in place to help them gain insight into their infrastructure. Tivoli change management software offers powerful capabilities to help facilitate compliance and improve service levels to support business objectives.

Evaluating the Security of Google Apps
Despite the ever rising popularity of cloud computing solutions, many IT professionals remain concerned about security and compliance. However, as one of the fastest growing cloud solutions, Google Apps is actively addressing these concerns by offering simple, powerful, and secure communication and collaboration tools for organizations of all types and sizes. But how secure are cloud-based solutions and how do you know if Google Apps will satisfy your own security and compliance requirements? IT leaders at Boise State and packaging leader MWV have already answered those questions and are now ready to share their experience. TechRepublic presents Evaluating the Security of Google Apps, a Webcast about the most important security and compliance issues:
- Learn what security and compliance questions to ask of a cloud computing provider
- Discover how to educate your internal stakeholders on security and compliance issues
- Explore the security and compliance practices of Google Apps
- Hear how Boise State and MWV secured Google Apps for their own organizations
Google Apps is specifically designed to streamline setup, minimize maintenance, and reduce IT costs by providing a secure and reliable platform for a wide variety of integrated applications. View this TechRepublic Webcast to learn how successful organizations such as Boise State and MWV have already addressed the issue of security and compliance in the cloud and now enjoy all the benefits that Google Apps has to offer.

TechNet Webcast: Service Manager 2010: Automate and Simplify Compliance and Risk Management (Level 200)
Regulatory compliance and risk management matter to every organization, but they are costly and complex, and most organizations manage them either manually or through disconnected processes. This webcast, presented by Clare Henry, Principal Product Manager for System Center Service Manager at Microsoft Corporation, explains how to automate and simplify both. In this 15-minute webcast the presenter walks through methods for automating these two difficult processes against the hundreds of standards and regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the Sarbanes-Oxley Act of 2002 (SOX), and shows how Microsoft System Center Service Manager 2010 can automate the activities related to risk management and regulatory compliance. A panel discussion at the end lets attendees put their questions on compliance, risk management or Microsoft solutions to the experts.

Six Critical Elements to Achieving Economies in FISMA Compliance
Through process automation, continuous compliance reporting, and security control enforcement, Lumension eases the FISMA compliance burden by delivering on the six elements of compliance economy: agility, consistency, efficiency, transparency, accountability, and security.

Six Critical Elements to Achieving Economies in Healthcare IT Security and Compliance
Through process automation and security control enforcement, Lumension eases the healthcare IT security compliance burden by delivering on the six elements of compliance economy: agility, consistency, efficiency, transparency, accountability, and security.

Six Critical Elements to Achieving Economies with NERC CIP Compliance
Through process automation and security control enforcement, Lumension eases the NERC CIP compliance burden by delivering on the six elements of compliance economy: agility, consistency, efficiency, transparency, accountability, and security.

Regulatory Compliance Highlights Value of Data Security Solutions
Amendments to the Information Technology Act, 2000, have created additional and more stringent compliance requirements relating to cyber security, highlighting more than ever the value of data security solutions. Chief information officers and heads of technology charged with promoting compliance will need to pay even greater attention to their organizations' security needs as their organizations seek to ensure the confidentiality of information while providing necessary access to employees. Finding the right tools to meet compliance requirements, protect data, and provide safe access is increasingly becoming more critical.

Four principles of effective threat protection: Defining the right strategy and tools to defend your business against malware
With all the web-connected ways your organization does business, you have to be ready to handle malware attacks, multiplying threat vectors and increased compliance responsibilities. Threat protection requires an updated approach now that the classic model of anti-virus plus firewall is no longer enough. Current best practice calls for interlocking layers of protection that support your company's business processes and the digital assets you need to protect. This paper describes principles you can use to strike the best balance between enabling your business and ensuring effective security.

IBM and Neocol eDiscovery and Email Archiving Solution Enables Toyota Financial Services to Have Immediate Access to Critical Information
Toyota Financial Services wanted to search and retrieve e-mail communications in a timely manner as part of any audit trail or legal discovery motion. It deployed an eDiscovery and e-mail archiving solution that helps staff meet auditing requirements under Sarbanes-Oxley and the U.K. Financial Services Authority's regulations while dramatically improving e-mail performance.

Secure and compliant collaboration and access
This white paper discusses how the need for faster access to resources can enable more effective collaboration but can also create significant security and compliance challenges. The paper then describes how IBM offers an adaptable, business-driven, holistic approach to security that addresses the different risk domains across organizations.

Key Strategies to Simplify Exchange Auditing
When your business deals with sensitive data, a strong auditing and compliance policy MUST be in place. And this policy needs to provide specific details about security compromises and unauthorized system changes - not just a general overview. In this Quest Software white paper, discover how to easily understand and control who accesses your company's most valuable data. Also, you'll learn how to find much more than just surface details when security is compromised, giving you the power to safeguard the company's valuable information. Secure Exchange, and empower your auditing and compliance policies. Read this valuable white paper today.

Beyond SIEM: The Next Generation of Security Management
Many of the largest data breaches of the past 10 years share a critical common characteristic: the organizations that were breached already had the information they needed to stop the intruders before the breach happened. So the question is, how do you find that critical information in the mountain of data within your organization in time to act on it? The answer is a properly implemented Security Information and Event Management (SIEM) solution. In this program, opinion leaders from Novell and Infosys, and leading experts from featured analyst firm Gartner, Inc., explore the emerging trends in SIEM and provide crucial advice on how to use SIEM to enhance your security and compliance programs.

IBM's Information Archive
IBM's Smart Archive strategy, bolstered by a series of hardware, software, and services offerings, is designed to help customers transition from short-term archiving decisions and their associated risks to a longer-term, simpler approach to information retention. The offerings enable organizations to unify several aspects of the archive process (including the collection, analysis, management, retention, storage, and access of information) while providing a variety of technology consumption models inclusive of integrated appliances, managed services, and cloud-based services to help archiving fit into existing business and IT operating procedures—and not the other way around.

Secure Web Conferencing with Alistair Lee by Adobe
Watch this 15 minute session with Adobe's Alistair Lee to learn how Adobe® Connect™ uniquely enables organizations to gain all of the benefits of Web conferencing while meeting necessary security and compliance requirements.

Regulatory Compliance Headlines

Healthcare Webinar: Building Smarter Healthcare Processes -- Are You Prepared?
The pace of change for Healthcare has never been faster or more demanding - from ongoing regulatory and policy changes to increasing pressure to deliver superior care and coverage with the utmost of transparency while reducing costs. Find out how the role technologies such as Business Rule Management Systems (BRMS) and Optimization software will play in helping Healthcare organizations of all types and sizes build smarter processes that allow you to adapt to change faster, overcome process silos and improve patient care and safety.

Smarter Healthcare Processes in 2010. Reduce Costs, Increase Productivity, Deliver Best Outcomes with IBM ILOG Business Rule Management System (BRMS) and Optimization Software.
The pace of change for Healthcare has never been faster or more demanding - from ongoing regulatory and policy changes to increasing pressure to deliver superior care and coverage with the utmost of transparency while reducing costs. Find out how the role technologies such as Business Rule Management Systems (BRMS) and Optimization software will play in helping Healthcare organizations of all types and sizes build smarter processes that allow you to adapt to change faster, overcome process silos and improve patient care and safety.

Protecting Enterprise Data with Proofpoint Encryption
Learn more about Proofpoint Encryption, Proofpoint's easy-to-deploy and easy-to-use policy-based email encryption solution, and why email encryption is a critical component of today's email security solutions. Download this whitepaper to learn about:
- A brief overview of regulatory trends that are driving the adoption of encryption and DLP solutions
- How email encryption plays a critical role in data loss prevention
- Challenges associated with deploying traditional email encryption solutions
- How Proofpoint Encryption eliminates key management, administration and end-user adoption issues associated with traditional email encryption solutions

IBM and Neocol eDiscovery and Email Archiving Solution Enables Toyota Financial Services to Have Immediate Access to Critical Information
Toyota Financial Services wanted to search and retrieve e-mail communications in a timely manner as part of any audit trail or legal discovery motion. The company deployed an eDiscovery and e-mail archiving solution that helps staff meet auditing requirements for Sarbanes-Oxley and the U.K. Financial Services Authority regulations while dramatically improving e-mail performance.

Secure and compliant collaboration and access
This white paper discusses how the need for faster access to resources can enable more effective collaboration but can also create significant security and compliance challenges. The paper then describes how IBM offers an adaptable, business-driven, holistic approach to security that addresses the different risk domains across organizations.

Key Strategies to Simplify Exchange Auditing
When your business deals with sensitive data, a strong auditing and compliance policy MUST be in place. And this policy needs to provide specific details about security compromises and unauthorized system changes - not just a general overview. In this Quest Software white paper, discover how to easily understand and control who accesses your company's most valuable data. Also, you'll learn how to find much more than just surface details when security is compromised, giving you the power to safeguard the company's valuable information. Secure Exchange, and empower your auditing and compliance policies. Read this valuable white paper today.


SEC Rule 17A-4

Compliance: SEC 17a-4/NASD 3010/3110
In the wake of the 1928 stock market crash and the uncovering of widespread securities fraud, the U.S. Congress enacted the Securities Exchange Act of 1934. The Act seeks to protect investors from fraudulent or misleading claims in the securities industry and requires extensive record keeping, reviewing, and auditing by independent auditors, and administration of financial transaction records. NASD 3010/3110 are part of comprehensive regulations enacted and enforced by the National Association of Securities Dealers on behalf of more than 5,000 registered financial institutions and investment funds. All aspects of the SEC and NASD regulations are effective today.

The Case for Document Management
Are you asking how to avoid court-imposed sanctions? Are you wondering how to keep the escalating costs of electronic and paper discovery to a minimum? Whether the objective is to handle litigation, deliver new contracts, or complete projects, companies today need solutions that promote teamwork. However, common bottlenecks inhibit many organizations from achieving their peak performance:
Risk imposed by compliance regulations and corporate guidelines
Quality problems and delivery delays caused by inefficient processes
Lack of coordination between external partners, vendors, parties and clients
Difficulties in capturing, finding, and leveraging organizational knowledge
The ViewWise Document Management Solution can help your organization address compliance and eDiscovery efforts. Computhink's ViewWise was created to assist organizations by helping eliminate the content burden that surrounds most offices today. ViewWise does this by helping organizations with access, archiving, storage, security, workflow and tracking of electronic content, while providing simple options for scanning, integrating, importing, and classifying.

Getting ahead of security issues, compliance regulations and IT processes
It can be difficult to ensure the confidentiality and integrity of your critical data with customers demanding 24/7 secure access to their data and regulators applying pressure on your business. In this Risk, Compliance and Security e-Kit for Financial Institutions, you'll learn about IBM security solutions that proactively protect against worms, viruses and other threats. There is a Tower Group white paper on the need for stronger consumer banking authentication, a study about innovative solutions for identifying, measuring, and optimizing operational risks and an ISS case study about staying on top of new vulnerabilities. Plus, six other reports on preventive solutions to security.

What Can 2007 Teach Us About 2008?
2007 was a tumultuous year for U.S. businesses and employees, filled with extreme highs and disappointing lows. Private equity garnered nearly $400 billion in mega deals in merely six months, and news of multiple billion-dollar acquisitions (Chrysler, Alltel and CKX) illustrated a trend of public companies going private. However, financial markets soon shifted and companies felt the backlash. Lenders scrutinized borrowers with tougher standards, limiting access to capital. After several months of market volatility, market direction remains unclear. We face a Catch-22: business leaders are conservative in making projections as they look for a cue from the markets, and the markets look for a cue from business leaders regarding new initiatives. Each month, Tatum, LLC surveys its financial and technology executives regarding current business conditions and economic trends. With nearly 1,000 executives serving companies of all sizes across a broad base of industries in every geographic region of the United States, the Tatum Survey of Business Conditions takes a representative pulse of business activity. This document contains results and analysis from Tatum's Survey of Business Conditions from May through December 2007. Survey topics include private equity, M&A, regulatory compliance and reporting, and financial executive pressures.

Trust and Competitive Advantage: An Integrated Approach to Governance, Risk Management and Compliance
Burned by Enronesque accounting scandals, investors and governments are imposing rigorous reporting requirements to keep companies on the straight and narrow. These reactions are a symptom of a fundamental force in the economy: a crisis of trust among stakeholders of corporations. Stakeholders are not only a company's shareholders, but also customers, employees, business partners and communities, and in recent years their trust has been profoundly shaken. Naturally, they are now trying to protect themselves, often via legislation.

Data Quality, Compliance, and Risk for Financial Institutions
Poor data quality is endemic in most financial institutions, with risk managers frequently citing a lack of clean, high-quality data as the biggest inhibitor to achieving their risk management and regulatory compliance objectives. To combat the problem, Informatica offers data quality scorecarding capabilities -- a metrics-driven approach to measuring, tracking, and reporting on data quality defects. Read this informative white paper to learn more about it.

An Integrated Approach to Managing Governance, Risk, and Compliance
Given today's highly regulated environment, how can you control risk, drive performance, and inspire greater stakeholder confidence? To address these requirements, forward-thinking organizations are moving toward an integrated program of governance, risk, and compliance (GRC) management. Download this SAP white paper to learn about a GRC approach that can help you confidently address all regulatory- and business-related risks while lowering your overall cost of compliance.

The State of the Art in Finance
Benchmarking is an important tool that finance organizations use to stay competitive. It allows them to determine the value of adopting best practices and changing business processes. To assess the trends in the finance function and identify best practices, APQC (formerly known as The American Productivity and Quality Center) has evaluated the performance of over 130 finance organizations. The study included these key processes:
Financial strategy and planning
Internal controls
Treasury
Revenue accounting (order to cash)
General accounting
Fixed assets and project accounting
Accounts payable and expense reporting
Tax
Payroll
This SAP Insight report discusses the results of the APQC survey, as well as research performed by SAP, in light of the current state of the finance function in U.S. companies, the challenges to that function, and the road map to increasing its strategic capabilities.

Optimizing Your IT Controls Environment for Compliance with Multiple Regulations
This IDC white paper focuses on the compelling need for today's businesses to understand how they can more efficiently manage multi-regulation compliance. It reviews certain regulations and how to track which pieces of what regulations are fulfilled when security solutions are deployed. The paper:
Reviews a subset of regulatory legislation and industry standards
Illustrates common overlaps in certain regulations and standards
Offers a "best practice" option for tracking certain aspects of each regulation and ensuring each is covered by a corresponding technological solution
The small subset of regulations and standards covered in this white paper includes CobiT, HIPAA, ISO 17799:2005, ITIL, the PCI Data Security Standard, and Sarbanes-Oxley (SOX). They are the focus of IDC's research because they affect a large number of corporate entities and their customers. (Sponsored by Symantec)

Experience the benefits of Information On Demand--Open the Information Management Door
What's behind the door? An interactive tour of resources and information based on industry expertise and today's critical information challenges. Register and enter a landscape of solutions. Videos, white papers, executive briefs, and guides to products show you how to leverage Information On Demand to lower costs, manage risk and complexity, gain insight, and much more. Open the door and see what Information On Demand can do for you.

Sustainable Governance
In this webcast, you'll hear how IBM's latest product release is helping customers adopt a more holistic approach towards IT governance to drive results and deliver ROI. You'll learn how this significant evolution of the IBM Rational toolset provides a solid foundation for regulatory compliance oversight, globally distributed development, and continuous process improvement.

IT Project and Portfolio Management and Application Life Cycle: Understanding the Market and Enabling IT/Business Coordination
Today, Global 2000 organizations are striving to gain strategic advantage and efficiencies of scale through better governance and management of IT projects and programs. This executive level white paper from IDC offers in-depth analysis into the benefits of integrating Application Life-Cycle Management and IT Project Portfolio Management capabilities and processes to enable qualitative assessments about project/program success. This is a must read for IT leaders tackling the strategic and operational challenges of IT/business alignment, off-shoring, outsourcing and regulatory compliance.

Top 10 Reasons Why Online Backup is Replacing Tape
Your most important asset - your corporate data - is far too valuable to entrust to cumbersome tape processes, unreliable backup media, and painstakingly slow recoveries. Small and medium-sized businesses (SMBs) are rapidly turning to online backup and recovery to displace older, manual, less reliable tape backup. In fact, a staggering 76.5% of IT professionals plan to change the way they do backup over the next 18 months. Online backup promises to address the challenges posed by traditional tape backup solutions. This white paper explores why today's SMBs use online backup and recovery to protect their SQL database, Exchange, application and file servers. Learn the top ten reasons why SMBs are embracing online backup and recovery to protect server data including automatic, continuous data protection (CDP), secure offsite storage, and data encryption for reliable server backup and disaster recovery.

Inside RIM for Databases: An ILM Approach to Database Archiving
If your database archiving solution isn’t living up to your expectations for improving application performance, reducing storage costs, and meeting regulatory compliance, it may be time to rethink your entire storage environment. This white paper from HP can help you do just that. It highlights the benefits of taking an Information Lifecycle Management (ILM) approach to managing data growth, and explains how HP StorageWorks Reference Information Manager for Databases (RIM for Databases) can help you boost application performance and availability, increase storage efficiency, and comply with a growing body of legal and regulatory requirements.

An Overview of HP RISS
Download this informative report from the Taneja Group for an in-depth analysis of HP’s Reference Information Storage System (RISS). The report highlights the key benefits of RISS’s smart cell architecture and its approach to active archiving. Learn what key differentiators set the RISS solution apart from its competitors, and find out how RISS’s object model architecture inherently satisfies the most fundamental requirements for regulatory compliance.


HIPAA

Healthcare Webinar: Building Smarter Healthcare Processes -- Are You Prepared?
The pace of change for Healthcare has never been faster or more demanding - from ongoing regulatory and policy changes to increasing pressure to deliver superior care and coverage with the utmost transparency while reducing costs. Find out about the role technologies such as Business Rule Management Systems (BRMS) and Optimization software will play in helping Healthcare organizations of all types and sizes build smarter processes that allow you to adapt to change faster, overcome process silos and improve patient care and safety.

Smarter Healthcare Processes in 2010. Reduce Costs, Increase Productivity, Deliver Best Outcomes with IBM ILOG Business Rule Management System (BRMS) and Optimization Software.
The pace of change for Healthcare has never been faster or more demanding - from ongoing regulatory and policy changes to increasing pressure to deliver superior care and coverage with the utmost transparency while reducing costs. Find out about the role technologies such as Business Rule Management Systems (BRMS) and Optimization software will play in helping Healthcare organizations of all types and sizes build smarter processes that allow you to adapt to change faster, overcome process silos and improve patient care and safety.

TechNet Webcast: Service Manager 2010: Automate and Simplify Compliance and Risk Management (Level 200)
For any organization, regulatory compliance and risk management are very important aspects. They are costly and complex, and organizations typically manage them either manually or through disconnected processes. This webcast, presented by Clare Henry, Principal Product Manager - System Center Service Manager, Microsoft Corporation, gives you insight into how to automate and simplify compliance and risk management. Throughout this 15-minute webcast, the presenter clearly explains the methods through which you can automate these two difficult processes. There are hundreds of standards and regulations, such as the Health Insurance Portability and Accountability Act (HIPAA) and the Sarbanes-Oxley Act of 2002 (SOX). This webcast tells the attendee how Microsoft System Center Service Manager 2010 can help automate the activities related to risk management and regulatory compliance. There is a panel discussion at the end of this webcast, in which attendees can ask experts any questions they have regarding compliance, risk management, or Microsoft solutions.

Protecting Enterprise Data with Proofpoint Encryption
Learn more about Proofpoint Encryption, Proofpoint's easy-to-deploy and easy-to-use policy-based email encryption solution and why email encryption is a critical component of today's email security solutions. Download this whitepaper to learn about:
A brief overview of regulatory trends that are driving the adoption of encryption and DLP solutions.
How email encryption plays a critical role in data loss prevention.
Challenges associated with deploying traditional email encryption solutions.
How Proofpoint Encryption eliminates key management, administration and end-user adoption issues associated with traditional email encryption solutions.

Bronson Healthcare Group Expedites Patient Care and Meets HIPAA Requirements With NetApp Solution
Bronson Healthcare Group is a community-owned, not-for-profit healthcare system headquartered in Kalamazoo, Michigan, that has been serving patients since 1900. The challenge was to eliminate imaging bottlenecks, support 20% annual growth rates and build in scalability for growth. Bronson teamed with its PACS vendor, eMed Technologies, to select a networked storage solution using a NetApp Fabric-Attached Storage (FAS) system to provide high-speed access to a large volume of digital images managed by the eMed Matrix PACS system. The health system then launched a second project to completely eliminate film and improve access to historical images stored on the optical disk system.

Evaluating Secure Remote Desktop Access Models
This Tolly report compares Software as a Service (SaaS) via Citrix® GoToMyPC® Corporate to traditional virtual private networks (VPNs). The report also includes a side-by-side comparison chart and a detailed cost analysis.

Leveraging GoToMyPC Corporate to Boost Productivity
In this new white paper, discover how to improve overall corporate productivity by leveraging Web-based remote access such as Citrix® GoToMyPC® Corporate.

TechNet Webcast: Supporting HIPAA Compliance With SQL Server 2008 (Level 200)
In this webcast, the presenter provides insights for firms concerned with Health Insurance Portability and Accountability Act (HIPAA) compliance that are looking for ways to take advantage of Microsoft SQL Server 2008 features to help meet their compliance requirements. SQL Server 2008 provides numerous robust technical security and auditing features and functionality. The presenter focuses on features supporting the technical safeguard requirements of the HIPAA Security Rule and pays particular attention to features used by firms storing, processing, or transmitting electronic Protected Health Information (ePHI), including database auditing capabilities, Transparent Database Encryption (TDE), Extensible Key Management (EKM), policy-based management, and reporting services.

HIPAA 5010 and ICD-10: The Road to Compliance
Healthcare payers and providers are facing two major compliance initiatives over the next couple of years: conversion from the HIPAA 4010 electronic transaction set to the 5010 set and conversion from ICD-9 codesets to ICD-10. These initiatives will impact nearly every core process, system and interface across the industry, and industry costs are expected to be in the billions of dollars. Although healthcare stakeholders are facing 2012 and 2013 regulatory deadlines, few have begun actively planning for conversion. Industry research has shown that many organizations are still in the information gathering phase, trying to assess potential impacts on themselves, their vendors and business partners.

Which Hospitals Are Complying With HIPAA: An Empirical Investigation of US Hospitals
Since the passage of the HIPAA regulation, US hospitals have shifted into high gear, investing organizational resources in HIPAA policies and procedures, information technologies, and information privacy and security safeguards to achieve compliance status by the enforcement dates. Yet a recent industry report, conducted after the HIPAA enforcement deadlines, presents a bleak picture of HIPAA compliance, raising concerns for the privacy and security of patient data, as well as for the transactional efficiency of hospitals. Drawing from the organizational sociology and organizational behavior literature, the paper examines the propensity of hospitals to be fully compliant with the privacy, security and transaction rules of HIPAA.

HIPAA Compliance: An Examination of Institutional and Market Forces
One would think that the enactment of HIPAA, with its mandates on data security and privacy, would have brought a major shift in security management practices within US healthcare. Unfortunately, recent industry reports indicate low levels of regulatory compliance, thus raising security concerns for the US health IT infrastructure. This research develops a regulatory compliance model by drawing insights from the institutional theory literature to identify the key drivers influencing HIPAA compliance, both institutional and market forces (e.g., variability in the comprehensiveness of state-level privacy laws, interdependency between privacy and security rules, pressure from compliance leaders in the region, the compliance officer's functional background, and consumer concern for privacy).

Novell Case Study: Enloe Medical Center
Enloe Medical Center is a 391-bed hospital serving more than 400,000 residents in a six-county region in Northern California. Physicians and clinicians at Enloe Medical Center were frustrated by having to remember multiple passwords to access patient care applications. The center implemented Novell SecureLogin to provide single sign-on access, reducing passwords by 85 percent and login times by 60 percent. The medical center also improved its ability to comply with increasingly stringent HIPAA requirements.

Protecting Patient Health Information in the HITECH Era: Security Challenges for Adopting Health Information Technology to Comply With HIPAA and the HITECH Act
The American Healthcare system is getting a complete facelift thanks to incentives to adopt Health Information Technology introduced by the Health Information Technology for Economic and Clinical Health (HITECH) Act. Signed into law by President Barack Obama in February 2009, the HITECH Act is part of the American Recovery and Reinvestment Act. It is also part of the broader healthcare reform initiative championed by President Obama. That agenda includes a push for the adoption of interoperable data capture, storage and transmission protocols in healthcare systems. New health information technology is considered to be a vital step in the drive to reduce costs, gain efficiencies, and ultimately to improve patient care.

Supporting Compliance: A Network Approach
With the significant increase in compliance related mandates put upon IT organizations today, Enterasys has written this white paper to explain the approach to supporting compliance through advanced policy-driven networking. Regulatory compliance and governance mandates are new and daunting issues for any IT organization. These requirements for compliance can come from outside the organization in the form of government legislation, such as HIPAA or Sarbanes-Oxley. They can also come from the inside of the organization in the form of organizational governance edicts from executive management. In either case, the network infrastructure must play a role in supporting the often abstract requirements of compliance, while at the same time ensuring that the business objectives of the organization are still being met.

What Every CIO Needs to Know About HIPAA Compliance
Compliance with HIPAA is mandatory and violators face up to $250,000 in fines and jail time of up to 10 years. HIPAA regulations are intended to protect such data as a patient's medical records and personal healthcare information. HIPAA affects organizations that transmit protected health information in electronic form (e.g. health plans, healthcare clearinghouses and healthcare providers). The law maintains that healthcare organizations implement a wide variety of safeguards and security best practices in order to adequately protect customer data. Full compliance requires that these entities understand the threats and liabilities and take proactive measures to maintain reasonable and appropriate safeguards in three areas: administrative, physical and technical.
