This library offers a collection of information and resources specifically focused on computer security, data destruction, document life-cycle solutions, compliance and password management. All resources are available to post and distribute on your website, forums, blogs and other compilations, with the strict stipulation that these works must be published in their entirety, with full credit and notice given to their origin and copyright. You may also link directly to these items. Please contact us if you have any questions regarding re-publication or distribution.
Our goal is to develop a comprehensive security portal. We welcome your suggestions and will work hard to include information you may require. This project is in constant development, and your suggestions for additional content are very much appreciated.
We invite relevant, on-topic submissions for inclusion. If you are interested in submitting papers, audiocasts or other media, please contact us. We will also consider the exchange of links as applicable.
Articles
Legal Requirements to Delete EU Personal Data by James M. Jordan
This paper, prepared by the former Chief Privacy Leader and Senior Counsel for E-Commerce & Information Technology of General Electric Company is required reading for those assigned the stewardship of European-based personal data and records.
Data Destruction and Document Life Cycle Policies:
Considerations for Compliance with Federal Mandates and Acts
A perspective on issues relating to electronic data retention and how it bears on compliance with federal and state regulations such as Sarbanes-Oxley (SOX), HIPAA, FACTA, Gramm-Leach-Bliley (GLBA) and others.
The Seven Sins of Degaussing
Degaussing a hard drive is a procedure that uses a machine to produce a strong magnetic field that destroys the recorded data on magnetic media (and, for a modern drive, the servo tracks and firmware areas with it, leaving the drive unusable). While many are initially impressed with the speed of this process, there are serious disadvantages to degaussing.
Security Issues with Decommissioning Magnetic Media
This document describes practical considerations of taking magnetic media out of useful service or transferring such media to other departments or organizations. After raising awareness of the security, business and legal concerns, the document evaluates the different sanitization techniques so that readers can assess their options. Finally, the cyberCide™ product is presented as a cost-effective solution to address these risks.
Legal and Regulatory Violations Caused by Not Destroying Data Before Discarding
A comprehensive chart referencing various types of data and the acts and regulations they are subject to. An essential resource for compliance.
Practical Uses of CyberScrub Technology to Ensure the Secure Deletion of Data
This paper touches briefly on the practical applications of deploying CyberScrub products and technology to 1) wipe free and slack space on hard drives and 2) effect the transparent secure erasure of selected files and folders through standard keyboard interaction.
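As an added illustration of the two operations the paper names (this is not CyberScrub code and does not reproduce their method), the following Python script overwrites a file in place through the end of its last allocated block so that the slack tail of that block is covered, renames the file to hide its original name in directory metadata, unlinks it, and then wipes free space by filling the filesystem with random data and deleting the filler. File names and sample contents are constructed for the demo. The caveat a practitioner needs: on SSDs and other wear-levelled flash, on journaling or copy-on-write filesystems, and on storage with snapshots or replication, an in-place overwrite gives no guarantee that the old blocks are gone; there, full-disk encryption with key destruction or the drive's own secure-erase command is the appropriate control.

```python
"""Added example, not CyberScrub code: in-place file overwrite covering the
file's slack space, followed by a free-space wipe of the same filesystem."""
import errno
import os
import secrets
import shutil
import tempfile
from typing import Optional

CHUNK = 1 << 20  # write random data in 1 MiB pieces


def _write_all(f, data: bytes) -> None:
    """Unbuffered files may accept a short write; keep going until done."""
    view = memoryview(data)
    while view:
        n = f.write(view)
        view = view[n:]


def secure_delete(path: str, passes: int = 3) -> int:
    """Overwrite `path` with random bytes up to the end of its last allocated
    block (so the slack tail of that block is covered too), fsync each pass,
    rename the file to a random name and unlink it. Returns bytes written per pass."""
    st = os.stat(path)
    blksize = getattr(st, "st_blksize", 4096) or 4096
    alloc = -(-st.st_size // blksize) * blksize  # round up to the block boundary
    with open(path, "r+b", buffering=0) as f:
        for _ in range(passes):
            f.seek(0)
            remaining = alloc
            while remaining:
                n = min(CHUNK, remaining)
                _write_all(f, secrets.token_bytes(n))
                remaining -= n
            os.fsync(f.fileno())
        f.truncate(0)
    # Hide the original name in directory metadata before removing the entry.
    hidden = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, hidden)
    os.unlink(hidden)
    return alloc


def wipe_free_space(directory: str, limit: Optional[int] = None) -> int:
    """Fill the filesystem holding `directory` with random data until it is
    full (or until `limit` bytes, used here to keep the demo small), fsync,
    then delete the filler so formerly freed blocks no longer hold old data."""
    filler = os.path.join(directory, "." + secrets.token_hex(8))
    written = 0
    try:
        with open(filler, "wb", buffering=0) as f:
            while limit is None or written < limit:
                n = CHUNK if limit is None else min(CHUNK, limit - written)
                try:
                    _write_all(f, secrets.token_bytes(n))
                except OSError as e:
                    if e.errno == errno.ENOSPC:  # disk full: the goal, not an error
                        break
                    raise
                written += n
            os.fsync(f.fileno())
    finally:
        if os.path.exists(filler):
            os.unlink(filler)
    return written


def demo() -> dict:
    """Run both operations on a constructed file in a temporary directory."""
    d = tempfile.mkdtemp()
    try:
        p = os.path.join(d, "customer-records.txt")
        with open(p, "wb") as f:
            f.write(b"123-45-6789,Jane Doe\n" * 300)  # constructed sample content
        overwritten = secure_delete(p)
        wiped = wipe_free_space(d, limit=2 * CHUNK)
        return {
            "file_gone": not os.path.exists(p),
            "overwritten_per_pass": overwritten,
            "free_space_wiped": wiped,
            "dir_empty": os.listdir(d) == [],
        }
    finally:
        shutil.rmtree(d, ignore_errors=True)


if __name__ == "__main__":
    print(demo())
```

Run without `limit` to fill the volume for real; the loop stops at ENOSPC and the filler is always removed, even if the write fails part-way.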
Audiocasts/Podcasts
Listen to this informative talk by noted attorney and Ziff Davis Security Virtual Tradeshow panelist Jon Neiditz. Topics include the implications of data destruction in reference to federal compliance acts and policies.
Government Reports
PRIVACY: Domestic and Offshore Outsourcing of Personal Information in Medicare, Medicaid, and TRICARE
More than 40% of health insurance contractors and state Medicaid agencies experienced a breach of PHI or other privileged health information within the previous 24 months, according to a new Government Accountability Office (GAO) report.
Compliance Solution Advisors Headlines
Gramm-Leach-Bliley Act Headlines
Achieving Federal Desktop Core Configuration Compliance (FDCC) with Lumension® Solutions The Federal Desktop Core Configuration (FDCC) is an Office of Management and Budget (OMB) mandated security configuration set applicable within United States Federal Government agencies. Private enterprises may also choose to utilize this established framework as a foundation for their own security configuration baselines. All federal agencies that utilize or plan an upgrade to either Windows XP or Vista must report compliance, with FDCC reporting requirements dictated by the standard FISMA reporting guidance. The FDCC specific configuration requirements are generally based on the "Principle of Least Privilege" restricting user and machine rights. This whitepaper examines the FDCC requirements, the compliance challenges including vulnerability management, change control, and system security management and also highlights how Lumension's SCAP Validated FDCC scanner is integrated with a complete vulnerability management solution to effectively enable compliance with these standards.
Improve Performance, Reduce Data Growth Costs - Archiving ERP Applications View this Webcast to find out from the experts how effective application archiving can help you effectively manage your production database, control data growth, and ultimately improve your bottom line. You'll learn to:
Improve performance of the production environment
Archive or purge inactive transactional data automatically to an online database or offline flat file
Maintain complete application integrity
Comply with data retention regulations
Reduce application storage footprint
Enable accessibility to archived data
Further your bottom-line savings with application retirement
Developing a Sustainable IT Compliance Program Today's IT compliance environment is becoming increasingly complex, driven by pressures in both the legislative environment and in technology itself. The legislative environment around IT is extremely complicated and changing rapidly. Companies must now respond to legislation at the state, national, and international levels — environments which are complex and often contradictory. At the same time, the legal penalties for non-compliance and data breaches are skyrocketing. New technology trends are simultaneously increasing the complexity of the computing environment, making compliance more difficult and issues more nebulous. Read this ExecBlueprint, featuring insights from three top compliance attorneys, to see why IT leaders must partner with their peers throughout the organization to create a complete compliance program that is robust and sensitive to the forces continually shaping the landscape.
Dynamic Warehousing for Banking Buyer's Guide: A comprehensive solution for leveraging data in today's financial industry Most organizations realize that the key to success lies in how well they manage data—and the banking industry is no exception. From customer statistics to strategic plans to employee communications, financial institutions are constantly juggling endless types of information. Not only does this data provide the basis for major corporate moves, it also impacts business on a more granular level by helping to maintain customer loyalty and improve staff productivity. Simply put, a bank's information is its lifeline. That's why it's critical for financial institutions to be able to access relevant data when it's needed most.
Privilege Access Control For Compliance with Gramm-Leach-Bliley Act (GLBA) Symark PowerBroker enables IT compliance with the Gramm-Leach-Bliley Act protecting consumers' non-public personal information on UNIX & Linux systems. Gartner's paper on the importance of controlling UNIX superuser privileges is reviewed to explain the security gap between UNIX operating system design and GLBA compliance. PowerBroker bridges that gap--securing private consumer information through privilege delegation, encryption, and accountability.
Passing Compliance Audits in Heterogeneous UNIX/Linux Datacenters The all-or-nothing superuser model of native UNIX/Linux operating systems makes it hard for them to pass today's compliance audits. Sharing access to privileged accounts and the absence of least-privilege access control make individual accountability a near impossibility. Symark Software's PowerBroker enables IT departments to bring these systems into compliance with multiple mandates such as PCI DSS, SOX, HIPAA and GLBA. PowerBroker creates RBAC-like access control that simplifies security administration and lowers its cost across heterogeneous platforms.
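The accountability gap the two Symark papers describe is visible in ordinary logs: a delegated command run through sudo is attributed to the real user, while a switch to a shared root account via su records only the switch and nothing of what follows. As an added example (not PowerBroker code, and independent of any vendor product), the following Python script parses the standard sudo and su syslog formats, groups privileged actions by the real user, and flags the three cases an auditor looks for: denied attempts, delegated commands that hand the caller a shell (so the delegation no longer bounds what runs as root), and su to a shared account. The log lines are constructed for the example; the host name, users and commands are not from any real system.

```python
"""Added example, not PowerBroker code: reconstruct per-user accountability
from sudo/su syslog lines and flag the cases that defeat it."""
import os
import re
from collections import defaultdict

# Standard sudo syslog format: "<user> : [reason ;] TTY=... ; PWD=... ; USER=... ; COMMAND=..."
SUDO_RE = re.compile(
    r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?:(?P<reason>.+?) ; )?"
    r"TTY=(?P<tty>\S+) ; PWD=(?P<pwd>\S+) ; USER=(?P<target>\S+) ; COMMAND=(?P<cmd>.+)$"
)
# su logs only the account switch, not what the shared account then does.
SU_RE = re.compile(r"su(?:\[\d+\])?: \(to (?P<target>\S+)\) (?P<user>\S+) on (?P<tty>\S+)")

# Programs that give the caller an interactive shell or let one be spawned,
# so a delegated command no longer bounds what runs as the target user.
SHELL_CAPABLE = {"bash", "sh", "dash", "zsh", "su", "vi", "vim", "less", "more",
                 "find", "awk", "perl", "python", "python3"}

# Constructed sample log (not from a real system).
SAMPLE_LOG = [
    "Mar  3 10:02:11 db01 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/sbin/service postgresql restart",
    "Mar  3 10:05:40 db01 sudo:      bob : TTY=pts/2 ; PWD=/home/bob ; USER=root ; COMMAND=/bin/bash",
    "Mar  3 10:07:02 db01 sudo:    carol : user NOT in sudoers ; TTY=pts/3 ; PWD=/home/carol ; USER=root ; COMMAND=/bin/cat /etc/shadow",
    "Mar  3 10:09:15 db01 sudo:    alice : TTY=pts/1 ; PWD=/home/alice ; USER=root ; COMMAND=/usr/bin/vim /etc/postgresql/pg_hba.conf",
    "Mar  3 10:12:00 db01 su[4123]: (to root) dave on pts/4",
]


def parse_line(line: str):
    """Return an accountability record for a sudo or su line, else None."""
    m = SUDO_RE.search(line)
    if m:
        prog = os.path.basename(m["cmd"].split()[0])
        flags = []
        if m["reason"]:
            flags.append("denied (" + m["reason"] + ")")
        elif prog in SHELL_CAPABLE:
            flags.append("shell-capable: " + prog)
        return {"source": "sudo", "user": m["user"], "target": m["target"],
                "command": m["cmd"], "flags": flags}
    m = SU_RE.search(line)
    if m:
        return {"source": "su", "user": m["user"], "target": m["target"], "command": None,
                "flags": ["su to shared account: subsequent actions not attributable"]}
    return None


def audit(lines):
    """Group privileged activity by real user and collect the flagged entries."""
    by_user = defaultdict(list)
    flagged = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        by_user[rec["user"]].append(rec)
        if rec["flags"]:
            flagged.append(rec)
    return {"by_user": dict(by_user), "flagged": flagged}


if __name__ == "__main__":
    report = audit(SAMPLE_LOG)
    for user, recs in report["by_user"].items():
        print(f"{user}: {len(recs)} privileged action(s)")
    for rec in report["flagged"]:
        print("FLAG", rec["user"], rec["command"] or "(su)", rec["flags"])
```

The shell-capable list is deliberately short; extend it from the binaries actually delegated in your sudoers, and treat any entry that resolves to an interpreter or pager as equivalent to granting a root shell.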
Getting in Compliance with Government Data Regulations by Leveraging Online Security Technology Concerned your site is not in compliance with serious data regulations? Be sure to stay on top of regulations such as PCI, HIPAA, Sarbanes-Oxley, FISMA and others which help keep your customers safe. Learn about these regulations and how to comply with them when you read this free white paper, "Getting in Compliance With Government Data Regulations By Leveraging Online Security Technology."
iSeminar: Meeting the Challenges of Compliance This Internet seminar explores the compliance issues facing midsize organizations and how Oracle solutions can resolve them affordably and efficiently.
Identity Management for Midsize Businesses: Reducing Costs, Securing Data and Ensuring Compliance This whitepaper highlights the unique needs of midsize businesses and explores the factors driving them toward stronger identity management platforms, such as Oracle Identity Management.
How to Manage Compliance Requirements Across Your Emerging or Midsize Organization Companies need a systemic way to manage compliance requirements across the organization. Oracle's unified approach is more sustainable, cost-effective, and adaptable than ad-hoc approaches to governance and compliance.
Oracle Business Brief: Make Compliance Work for You Learn how to make compliance work for you, rather than the other way around, with Oracle solutions for midsize organizations.
EMS Rapid Archive: Email archiving service providing rapid e-Discovery search and flexible retention policy management Recent revisions to the Federal Rules of Civil Procedure (FRCP) and many state court rules establish new requirements for the rapid discovery and production of email messages.
For many organizations, the cost of implementing archiving solutions capable of meeting these requirements has kept these solutions just out of reach. Dell MessageOne's EMS Rapid Archive is the first solution to provide the critical archiving functionality to rapidly meet FRCP legal discovery requirements in a low-cost, maintenance-free SaaS service.
EMS Rapid Archive securely stores email off-site based on specific email retention policies. EMS helps companies manage email retention and deletion based on corporate policies, helps save messages in compliance with regulatory requirements, and facilitates rapid discovery and production of email for legal purposes -- all for a fraction of the cost of other archiving systems. Unlike on-premise alternatives, EMS can be quickly and cost-effectively deployed for any subset of users. In as little as a day, EMS can provide immediate e-Discovery and legal hold capabilities for pending litigation.
Download this brief guide for a description of how EMS Rapid Archive works, and learn how it can help your organization centralize email retention, deletion and search!
TechRepublic SolutionSeries: Compliance Issues and Small Business Small businesses have too much to worry about already. When words like compliance are uttered, small business owners may cringe with uncertainty or see their costs soaring. Others may simply ignore the word, pretending it doesn't exist, and hoping not to get caught.
Whether it's HIPAA, GLBA, or others, small businesses have felt the crunch when trying to comply with confusing standards. In this 37-page SolutionSeries document, we examine compliance issues from the perspective of the small business that may be struggling to understand the "who," "what," "when" and "where" of all of this.
This download is available for free as part of a TechRepublic Pro membership.
CIO Strategies for Retention and Deletion of Email and Electronic Information Over the past two years, major changes to the Federal Rules of Civil Procedure (FRCP) and the increase in state and federal compliance regulations have created new challenges for companies as they struggle to manage email retention and deletion policies.
To successfully maintain compliance and protect their business in the event of litigation, companies must understand these changes. Implementing new strategies for email will enable organizations to effectively set and manage email retention and deletion policies, as well as provide robust search and e-Discovery capabilities to respond rapidly to litigation.
Listen to this TechRepublic Webcast, sponsored by Dell MessageOne and featuring Howard Nirken, Partner with DuBois, Bryant & Campbell, LLP, to learn about critical changes to the Federal Rules of Civil Procedure and what those changes mean "in plain English" for your business.
Now available on demand, this Webcast highlights strategies that CIOs are increasingly adopting for:
Determining appropriate retention and discovery requirements for email and electronically stored information
Involving stakeholders across your organization to respond to this challenge
Ensuring that email is always available and data is never lost
Providing search, discovery and recovery of electronic information
Avoiding pitfalls in managing records retention and data discovery efforts
Email is Critical...and Out of Control! More than 75% of the average company's intellectual property is contained in email messages and their attachments. As a result, email has quickly become the file server of choice for most of us - and a headache for compliance managers.
The value of unified information access to live and archived email via desktop or mobile device is becoming increasingly important for today's businesses - from end users to the board room, where compliance is an ongoing pain point.
View this educational TechRepublic Webcast, where Nick Patience, Managing Analyst with The 451 Group and Louis Tetu, Coveo's Executive Chairman, discuss:
The growing importance of accessing information from live and archive email servers
How rapid access to all email content sets the stage for compliance and e-discovery initiatives
The business value of having complete mobile access to live and archived email content
Join TechRepublic and Coveo for this informative on-demand Web seminar and learn how to get started today!
Coveo offers a full trial of Coveo G2B for Email complete with all the services you may need to quickly deploy and try this powerful new solution.
Sarbanes-Oxley Headlines
Achieving Sarbanes-Oxley Act Section 404 Compliance With Check Point Solutions SOX Section 404 provides a turning point for most IT organizations in their efforts to develop and document the IT security controls and processes needed to support financial reporting. Protecting the integrity of information and controlling access to resources are not only essential elements for the preservation of a company but are also requirements for compliance. Check Point security solutions can be leveraged to help fulfill many specific COBIT Control Objectives that will form the foundation for compliance with requirements set forth in SOX Section 404. With Check Point, one can rest assured with the most proven unified security architecture that provides a robust infrastructure from the perimeter to the endpoint.
Addressing Compliance Requirements for Privacy, Data Retention, and e-Discovery Protecting individual and financial data, retaining data, and meeting e-discovery requirements are common compliance requirements across geographies and industries. Finding accurate, usable, and cost-effective solutions for meeting these requirements can make the difference between achieving compliance goals or leaving the organization vulnerable through unsecured use of sensitive data. Trend Micro security solutions for endpoint data leak protection, email encryption, and email archiving help organizations meet their compliance requirements -easily and cost-effectively.
Cautious Growth: Tending to Your Core Business When CEOs who are content specialists start or take over a company in their field, they can often become so involved in day-to-day operations that they lose sight of the other half of their mission: to formulate long-term strategy. However, the opposite can also occur: a visionary CEO can become so involved in planning for tomorrow that he or she over-delegates the business of today. This ExecBlueprint discusses how to maintain a balance between your company's present needs and future prospects. The key is to work at growing and sustaining the company at the same time. Not only, therefore, must growth plans be carefully developed and tested, today's CEO should also not fail to serve present customers as well as seek out growth opportunities in its main line of business.
Throughout this process, the authors remind us, the company should also endeavor to focus on quality, treat its employees fairly, and give back to its community.
Archiving Compliance with Sunbelt Exchange Archiver Archiving for compliance is an important step in securing your company's future. New regulations require companies to take responsibility for retaining electronic documents before any need to produce them as evidence arises.
Archiving policies must be carefully planned to ensure that business practice continues unfettered without compromising compliance. Taking the steps now to implement an e-mail archiving solution is not only cost-saving based on minimizing the burden of your Exchange server, but also in avoiding costly legal penalties.
Sarbanes-Oxley and Oracle E-Business Suite: Application Change Management Fundamentals for Compliance This paper discusses the three key components required for effective Oracle E-Business Suite application change management, specifically to enable compliance with the "Internal Controls" mandated by the Sarbanes-Oxley Act: workflow, a single repository architecture, and application technical depth. Quest Stat ACM is an enterprise application change management solution that fulfills these requirements.
Sarbanes-Oxley and Change Management: Implications for PeopleSoft Shops This paper addresses the three key components found in a successful Sarbanes-Oxley change management solution for PeopleSoft Financials - workflow, a single repository architecture, and PeopleSoft application technical depth. This solution is based on the Quest Stat product, the best-of-breed enterprise application change management and version control solution for PeopleSoft Financials.
Server Room Security, Data Control, and Sarbanes-Oxley Compliance The Sarbanes-Oxley Act of 2002 (SarbOx) was established specifically to address financial reporting for public companies. The accounting data that is the foundation for this financial reporting is invariably electronic-based, and as a result, needs to be adequately protected and controlled, both for the corporation's benefit as well as to comply with SarbOx. Individuals responsible for their organization's electronic data need to understand the level of protection their current security system provides, or doesn't provide, particularly in the area of server room access. This paper will examine SarbOx requirements for controlling data, discuss the risks inherent in traditional server room security, and outline specific solutions to protect electronic data and maintain SarbOx compliance by controlling and tracking access to the organization's server room, and consequently, its data.
Retention and Deletion Study Most business decision-makers today are aware of the need for a document retention and deletion policy. Legal evidentiary requirements, regulatory compliance such as Sarbanes-Oxley, and a host of other mandates have made the managing of documents-everything from slide shows to e-mail attachments-a major part of a CIO's job. But while most efforts are focused on the server and e-mail sides, documents stored on users' desktop machines are often overlooked in document management plans. Considering that Gartner Group estimates that 80 percent of a company's documents reside on users' desktops, and that about a quarter of those are subject to regulatory compliance, this presents an obvious liability for businesses.
DeviceLock for Compliance With the Combined Code on Corporate Governance (UK) The corporate governance systems of public companies listed on the London Stock Exchange (LSE) are governed by the Combined Code on Corporate Governance. The principles, rules and requirements set out in the Combined Code are aimed at increasing the effectiveness of information disclosure, thus increasing the transparency of public companies. They are also meant to put into place the means for internal control over financial reports and corporate assets in order to protect shareholder interests. Unlike the United States' very strict Sarbanes-Oxley Act of 2002 (SOX), the Combined Code's requirements are not mandatory.
IPO Readiness Meets Sarbanes-Oxley Compliance Employees and investors create today's dynamic, high-growth fabless companies. Teams are formed to create great products, as well as great companies. The path from the first Research and Development (R&D) project to the Initial Public Offering (IPO) is a roller coaster of market and product ebbs and flows. Racing toward an IPO, building the company status and rewarding the hard work of a team, requires attention to the full array of requirements placed on a public company. The goal of this paper is to map business process and infrastructure requirements to the growth path of a fabless company, to overlay the SOX compliance requirements with these process requirements and to look at a few ways companies can leverage this infrastructure and these compliance models to improve overall business performance.
Manage security and compliance in an adverse economy in 2009 and beyond Learn how to successfully safeguard your enterprise and manage the burden of compliance with Kristin Lovejoy, Director, IBM Corporate Security Strategy and Scott Crawford of analyst firm EMA. This webcast discusses how to protect company data and meet compliance needs on a restricted budget.
Compliancy Through Proper Tape Management Of late, government privacy and accountability regulations have led to sweeping overhauls of enterprise IT environments in an effort to become compliant. Tape management and, in particular, the use of a comprehensive tape management system can be an effective tool in helping companies become compliant with many of the regulations contained within the Gramm-Leach-Bliley Act, the Sarbanes-Oxley Act and HIPAA.
Email Archiving and Discovery Survey No longer is email simply an ad hoc communication vehicle. Messages are now considered business records and are expected to be retained and managed like paper records. SEC, NASD, HIPAA and Sarbanes-Oxley regulations, to name a few, specify retention periods of at least three years, under penalty of hefty fines and/or jail time. In addition, lawyers have come to view email stores as the repository for "the smoking gun" in many lawsuits. Search and discovery requests for the contents of corporate mailboxes have become commonplace, while the ability to retrieve the requested data from system backup tapes has not.
The Top 10 Benefits of SaaS-enabled Email Management Email is indisputably the most important business application for most organizations. Yet, managing it has always been a no-win proposition. Add the pressure of fewer people and resources as well as shrinking budgets these days, and it seems that the pain of managing email can only get worse. But don't despair, there's a new breed of managed SaaS-enabled email services that are modular, reliable, and secure for virtually any type of business.
View this TechRepublic Webcast, available on-demand, to explore the alternatives to traditional on-site email management. This free event will show you how to:
Effectively eliminate email downtime and reduce the risk of data loss
Securely archive email with flexible retention and deletion policies
Enjoy near-zero maintenance even while meeting the toughest enterprise class requirements
View it today!
Regulatory Compliance Headlines
Secure Remote Access for the Distributed Business: Challenges, Trends, and Considerations Businesses today are defined by a wide variety of distributed work locations, and a diversity of worker types with differing information requirements. At the same time, a number of new information security and privacy regulations, such as PCI, Sarbanes-Oxley, Gramm-Leach-Bliley and HIPAA, are being phased in and toughened. These new realities present organizations with a new set of challenges that have begun to pose a serious dilemma. To stay competitive, an organization must provide workers and partners with remote access to sensitive information and applications around the clock. However, many of these new access locations and devices are insecure and unmanaged.
Endpoint Security Considerations for Achieving HIPAA Compliance The new number-one priority for America is to improve the efficiency of the nation's healthcare system-especially in the information technology arena. Experts say rising health costs are the main cause of long-term national budget problems, and that computerization of health records will drive down costs. Computerization will also bring an operational sea change, for currently less than one out of every five doctors in the U.S. uses electronic health records. This change will accelerate requirements to ensure the confidentiality, integrity, and availability of electronic protected health information (EPHI). Securing these records is one element of HIPAA, the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191).
Achieving a Clean Bill of Health in HIPAA Compliance With Check Point Solutions Healthcare organizations face both opportunities and challenges from today's complex, interconnected environment in which electronic information is collected and exchanged at an ever-increasing rate. While electronic information exchange has the potential to deliver profound benefits, it also increases the exposure of sensitive information. Adding to the challenge are new technologies and a heightened demand by physicians, healthcare workers, and patients for flexible access to health information. The Health Insurance Portability and Accountability Act (HIPAA) security standards are designed to ensure that healthcare organizations maintain the confidentiality, integrity, and availability of sensitive patient information. These healthcare organizations must comply with HIPAA security standards that are vague and that offer little guidance about how to achieve compliance.
SenditCertified Provides HIPAA Compliant Solution for One of North Carolina's Largest Cardiology Groups Mid-Carolina Cardiology (MCC) is one of the largest cardiovascular groups in the Carolinas. For 10 years, Mid Carolina Cardiology has utilized a robust electronic medical records system. However, what was lacking was a methodology to upload and transfer medical records electronically to other providers, hospitals and patients as well as a system for secure, HIPAA compliant email communication with patients. With this challenge in mind, MCC set out to find a solution to their problem. The SenditCertified technology single-handedly provided the medical and healthcare industries with a simple approach to quickly and securely communicating with patients at a substantial savings.
Achieving HIPAA Security Rule Compliance with Lumension® Solutions Healthcare organizations face a host of HIPAA Security Rule compliance challenges with the move to put patient medical records online. Lumension helps organizations address these compliance challenges by providing the proactive risk management and the required audit readiness to meet many aspects of the HIPAA Security Rule.
Achieving Regulatory Compliance With EMC RecoverPoint EMC RecoverPoint offers health care organizations the ability to cost-effectively implement the disaster recovery and business continuance mandated by various regulatory agencies. Its innovative replication technology assures the availability of data at a secondary site with no distance limitation and with guaranteed data consistency. Local backup protection is guaranteed with EMC's continuous data protection which ensures every write to a protected volume is stored in the RecoverPoint history journal and recoverable through the RecoverPoint GUI. In the face of any type of data loss, whether caused by "Fire, vandalism, system failure and natural disaster" as stated in HIPAA documentation, or by any other unprecedented event, RecoverPoint enables quick and complete data recovery, with no data loss.
Cautious Growth: Tending to Your Core Business When CEOs who are content specialists start or take over a company in their field, they can often become so involved in day-to-day operations that they lose sight of the other half of their mission: to formulate long-term strategy. However, the opposite can also occur: a visionary CEO can become so involved in planning for tomorrow that he or she over-delegates the business of today. This ExecBlueprint discusses how to maintain a balance between your company's present needs and future prospects. The key is to work at growing and sustaining the company at the same time. Growth plans must therefore be carefully developed and tested, but today's CEO must also continue to serve present customers while seeking out growth opportunities in the company's main line of business.
Throughout this process, the authors remind us, the company should also endeavor to focus on quality, treat its employees fairly, and give back to its community.
Archiving Compliance with Sunbelt Exchange Archiver Archiving for compliance is an important step in securing your company's future. New regulations are aimed at making companies take responsibility for their records before the need to produce electronic documents as evidence arises.
Archiving policies must be carefully planned to ensure that business practice continues unfettered without compromising compliance. Taking the steps now to implement an e-mail archiving solution is not only cost-saving based on minimizing the burden of your Exchange server, but also in avoiding costly legal penalties.
Major Hospital Enhances Auditing Infrastructure Using SQL Server 2008 Beth Israel Deaconess Medical Center (BIDMC), a teaching hospital of Harvard Medical School, is the largest member of CareGroup Healthcare System. BIDMC needed a better auditing solution to help ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA). BIDMC is upgrading to Microsoft SQL Server 2008 Enterprise database software and using resources from the SQL Server 2008 Compliance Software Development Kit to enhance its auditing infrastructure used for ensuring compliance with HIPAA and other regulations.
Sarbanes-Oxley and Oracle E-Business Suite: Application Change Management Fundamentals for Compliance This paper discusses the three key components required for effective Oracle E-Business Suite application change management, specifically to enable compliance with the "Internal Controls" mandated by the Sarbanes-Oxley Act: workflow, a single repository architecture, and application technical depth. Quest Stat ACM is an enterprise application change management solution that fulfills these requirements.
Sarbanes-Oxley and Change Management: Implications for PeopleSoft Shops This paper addresses the three key components found in a successful Sarbanes-Oxley change management solution for PeopleSoft Financials - workflow, a single repository architecture, and PeopleSoft application technical depth. This solution is based on the Quest Stat product, the best-of-breed enterprise application change management and version control solution for PeopleSoft Financials.
Server Room Security, Data Control, and Sarbanes-Oxley Compliance The Sarbanes-Oxley Act of 2002 (SarbOx) was established specifically to address financial reporting for public companies. The accounting data that is the foundation for this financial reporting is invariably electronic-based, and as a result, needs to be adequately protected and controlled, both for the corporation's benefit as well as to comply with SarbOx. Individuals responsible for their organization's electronic data need to understand the level of protection their current security system provides, or doesn't provide, particularly in the area of server room access. This paper will examine SarbOx requirements for controlling data, discuss the risks inherent in traditional server room security, and outline specific solutions to protect electronic data and maintain SarbOx compliance by controlling and tracking access to the organization's server room, and consequently, its data.
SEC Rule 17A-4
Webcast: Top Ten Challenges with On-Premise Email Management For most organizations, the costs and management burdens of ever more sophisticated email continuity and archiving systems are now a serious problem. To manage increasing data stores, complex retention policies, fast search and recovery of messages, and disaster recovery, companies have many choices for on-premise or on-demand services. While on-premise solutions have been the norm, Dell MessageOne believes that the trend is now clearly favoring on-demand services designed to solve these problems.
View this on-demand TechRepublic Webcast, sponsored by Dell MessageOne™, to learn about the top ten challenges with on-premise email management, and how on-demand, managed services may provide you with a more cost effective and complete answer to email management. Learn how storage, search, recovery and e-Discovery as well as continuity may be more easily managed via a hosted solution. You will also receive an overview of Dell MessageOne and how its on-demand Email Management Services (EMS™) can uniquely solve these problems. View it today!
Compliance: SEC 17a-4/NASD 3010/3110 In the wake of the 1928 stock market crash and the uncovering of widespread securities fraud, the U.S. Congress enacted the Securities Exchange Act of 1934. The Act seeks to protect investors from fraudulent or misleading claims in the securities industry and requires extensive record keeping, reviewing, and auditing by independent auditors, and administration of financial transaction records. NASD 3010/3110 are part of comprehensive regulations enacted and enforced by the National Association of Securities Dealers on behalf of more than 5,000 registered financial institutions and investment funds. All aspects of the SEC and NASD regulations are effective today.
Controlling the Uncontrollable: Managing eDiscovery Risk at the Edge A large enterprise spent $12.5 million to review documents that were past their retention period during a discovery. Sound familiar?
Hear from information risk technology leader NextPage during this TechRepublic Webcast, now available on demand, to learn how your enterprise can delete and preserve the information residing on the edge -- hard drives, scattered shared drives, key drives, and e-mail attachments. While you can't totally eliminate enterprise information risk, you can proactively minimize the potential adverse effects of your current unmanaged documents.
Eighty percent of enterprise documents reside on end user machines and scattered shared drives, and with over 7.5 billion office documents created annually, getting a handle on the situation has proven difficult in the past. Most ROI calculations for reducing the cost of eDiscovery start with more effective handling of documents during a discovery. But the fact of the matter is that if you can actively enforce your written document retention policy on the edge, you get document compliance and decreased costs. By proactively tracking and classifying new documents you stop the problem, control the information, and become prepared for the next eDiscovery. Then you can evaluate how to handle the legacy issues.
View this important Webcast today to learn more about protecting your enterprise!
The Case for Document Management Are you asking how to avoid court-imposed sanctions? Are you wondering how to keep the escalating costs of electronic and paper discovery to a minimum?
Whether the objective is to handle litigation, deliver new contracts, or complete projects, companies today need solutions that promote teamwork. However, common bottlenecks inhibit many organizations from achieving their peak performance:
Risk imposed by compliance regulations and corporate guidelines
Quality problems and delivery delays caused by inefficient processes
Lack of coordination between external partners, vendors, parties and clients
Difficulties in capturing, finding, and leveraging organizational knowledge
The ViewWise Document Management Solution can help your organization address compliance and eDiscovery efforts. Computhink's ViewWise was created to assist organizations by helping eliminate the content burden that surrounds most offices today.
ViewWise does this by helping organizations with access, archiving, storage, security, workflow and tracking of Electronic Content, while providing simple options for scanning, integrating, importing, and classifying.
Email archiving - Are you feeling lucky? Businesses of all sizes are struggling with ever growing electronic information volume and content. Although email is not the only electronic information, it is by far the fastest growing, both in volume and in sensitivity. Not only are companies worried about security risks, but they are equally challenged with constant capacity planning, performance and reliability issues due to email growth. More importantly, recent regulations such as the Federal Rules of Civil Procedure (FRCP) and state laws are imposing an extra burden on IT organizations to have auditable archiving policies and to be able to produce emails as evidence in case of a dispute.
Small, medium and large organizations are looking to understand best practices in e-Discovery and find ways to offload their challenges and lower their cost and risk.
View this informative Webcast from TechRepublic to learn:
What is e-Discovery? Does it apply to your organization?
What are the typical message discovery challenges companies face?
What innovation is Google bringing to this market? How is that changing the way people archive and retrieve email?
What are the next steps for you to learn more and reduce risk for your company?
Hear from George Socha, a leading expert in e-Discovery and President of Socha Consulting LLC. George is the co-author of the leading survey on the electronic discovery market, The Socha-Gelbmann Electronic Discovery Survey, now beginning its sixth year. You'll also hear Bill Kee, Product Marketing Manager for Google Message Discovery Service.
Getting ahead of security issues, compliance regulations and IT processes It can be difficult to ensure the confidentiality and integrity of your critical data with customers demanding 24/7 secure access to their data and regulators applying pressure on your business. In this Risk, Compliance and Security e-Kit for Financial Institutions, you'll learn about IBM security solutions that proactively protect against worms, viruses and other threats.
There is a Tower Group white paper on the need for stronger consumer banking authentication, a study about innovative solutions for identifying, measuring, and optimizing operational risks and an ISS case study about staying on top of new vulnerabilities. Plus, six other reports on preventive solutions to security.
CIO Strategies for the Retention and Deletion of Email With new regulations and the recent changes to the Federal Rules of Civil Procedure, legal departments are turning to IT leadership to manage retention, deletion, search and recovery of email and other Electronically Stored Information (ESI).
CIOs must track billions of email messages, database records and desktop files, know where they are, ensure they are secure, delete them on schedule, and be able to produce them as required.
How does an organization ensure a successful retention strategy? This whitepaper provides CIOs with useful information about litigation issues surrounding email and ESI as well as information on how to define and implement a retention and deletion strategy.
Also included is an overview of MessageOne's on-demand EMS Email Archive service, the first SaaS archiving solution capable of painlessly solving email retention, deletion, search and e-Discovery challenges.
What Can 2007 Teach Us About 2008? 2007 was a tumultuous year for U.S. businesses and employees, filled with extreme highs and disappointing lows. Private equity garnered nearly $400 billion in mega deals in merely six months, and news of multiple billion-dollar acquisitions (Chrysler, Alltel and CKX) illustrated a trend of public companies going private. However, financial markets soon shifted and companies felt the backlash. Lenders scrutinized borrowers with tougher standards, limiting access to capital.
After several months of market volatility, market direction remains unclear. We face a Catch-22: business leaders are conservative in making projections as they look for a cue from the markets, and the markets look for a cue from business leaders regarding new initiatives.
Each month, Tatum, LLC surveys its financial and technology executives regarding current business conditions and economic trends. With nearly 1,000 executives serving companies of all sizes across a broad base of industries in every geographic region of the United States, the Tatum Survey of Business Conditions takes a representative pulse of business activity. This document contains results and analysis from Tatum's Survey of Business Conditions from May through December 2007. Survey topics include private equity, M&A, regulatory compliance and reporting, and financial executive pressures.
Trust and Competitive Advantage: An Integrated Approach to Governance, Risk Management and Compliance Burned by Enronesque accounting scandals, investors and governments are imposing rigorous reporting requirements to keep companies on the straight and narrow.
These reactions are a symptom of a fundamental force in the economy: a crisis of trust among stakeholders of corporations. Stakeholders are not only a company's shareholders, but also customers, employees, business partners and communities, and in recent years their trust has been profoundly shaken. Naturally, they are now trying to protect themselves, often via legislation.
Data Quality, Compliance, and Risk for Financial Institutions Poor data quality is endemic in most financial institutions, with risk managers frequently citing a lack of clean, high-quality data as the biggest inhibitor to achieving their risk management and regulatory compliance objectives.
To combat the problem, Informatica offers data quality scorecarding capabilities -- a metrics-driven approach to measuring, tracking, and reporting on data quality defects. Read this informative white paper to learn more about it.
An Integrated Approach to Managing Governance, Risk, and Compliance Given today's highly regulated environment, how can you control risk, drive performance, and inspire greater stakeholder confidence? To address these requirements, forward-thinking organizations are moving toward an integrated program of governance, risk, and compliance (GRC) management.
Download this SAP white paper to learn about a GRC approach that can help you confidently address all regulatory- and business-related risks while lowering your overall cost of compliance.
Realtime Publishers: Understanding how privacy and government regulations affect email compliance Email compliance is just one instance of the regulatory impact on IT operations. There are a number of privacy and corporate governance regulations that apply to email services, and the list of such laws is likely to grow. Fortunately, many regulatory requirements coincide with business requirements for security, business continuity, and operations management. Sound email management driven by business needs can go a long way toward compliance as well. This article examines some of the better-known regulations that have an impact on email management practices, then explores the most effective way to comply with these regulations.
Policy and IT Controls Compliance Challenges and Solutions Achieving compliance requires a set of methodologies and disciplines that give executives a better picture of the security of their enterprise and help them improve it. Written by Richard LeVine of Accenture, this white paper describes the benefits of compliance, the depth of work required to achieve it, and some powerful tools that increase the effectiveness of compliance efforts.
Online Publisher Meets Goal of Providing Compliance Week Users with the Most Effective Search Application Financial Media Holdings Group (FMHG) is the parent company of Compliance Week, the industry's definitive newsletter on corporate governance issues. In mid-2005, the company sought a commercial search application that would enable its users to find what they need when they need it. Among its top requirements, FMHG sought a solution with:
A sophisticated, flexible architecture
The ability to support custom conversion and preprocessing applications
A customizable user interface
Download this case study to learn why FMHG's quest ultimately led them to Coveo Enterprise Search, and why the company is so pleased with its selection.
Webcast: Optimizing the Role of Compliance in IT Governance Efforts In addition to addressing the growing number of internal and external regulations, compliance can play a key role in identifying risks and demonstrating the efficiency and effectiveness of IT. View this on-demand IBM Webcast to see examples of common control objective areas that are not only important for regulatory reporting, but for the optimization of IT governance efforts. Learn how Tivoli solutions can turn managing compliance requirements from a reactive burden to a strategic advantage.
HIPAA
Secure Remote Access for the Distributed Business: Challenges, Trends, and Considerations Businesses today are defined by a wide variety of distributed work locations, and a diversity of worker types with differing information requirements. At the same time, a number of new information security and privacy regulations, such as PCI, Sarbanes-Oxley, Gramm-Leach-Bliley and HIPAA, are being phased in and toughened. These new realities present organizations with a new set of challenges that have begun to pose a serious dilemma. To stay competitive, an organization must provide workers and partners with remote access to sensitive information and applications around the clock. However, many of these new access locations and devices are unsecured and unmanaged.
Endpoint Security Considerations for Achieving HIPAA Compliance The new number-one priority for America is to improve the efficiency of the nation's healthcare system, especially in the information technology arena. Experts say rising health costs are the main cause of long-term national budget problems, and that computerization of health records will drive down costs. Computerization will also bring an operational sea change, for currently less than one out of every five doctors in the U.S. uses electronic health records. This change will accelerate requirements to ensure the confidentiality, integrity, and availability of electronic protected health information (EPHI). Securing these records is one element of HIPAA, the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191).
Achieving a Clean Bill of Health in HIPAA Compliance With Check Point Solutions Healthcare organizations face both opportunities and challenges from today's complex, interconnected environment in which electronic information is collected and exchanged at an ever-increasing rate. While electronic information exchange has the potential to deliver profound benefits, it also increases the exposure of sensitive information. Adding to the challenge are new technologies and a heightened demand by physicians, healthcare workers, and patients for flexible access to health information. The Health Insurance Portability and Accountability Act (HIPAA) security standards are designed to ensure that healthcare organizations maintain the confidentiality, integrity, and availability of sensitive patient information. These healthcare organizations must comply with HIPAA security standards that are vague and that offer little guidance about how to achieve compliance.
SenditCertified Provides HIPAA Compliant Solution for One of North Carolina's Largest Cardiology Groups Mid-Carolina Cardiology (MCC) is one of the largest cardiovascular groups in the Carolinas. For 10 years, Mid Carolina Cardiology has utilized a robust electronic medical records system. However, what was lacking was a methodology to upload and transfer medical records electronically to other providers, hospitals and patients as well as a system for secure, HIPAA compliant email communication with patients. With this challenge in mind, MCC set out to find a solution to their problem. The SenditCertified technology single-handedly provided the medical and healthcare industries with a simple approach to quickly and securely communicating with patients at a substantial savings.
Achieving HIPAA Security Rule Compliance with Lumension® Solutions Healthcare organizations face a host of HIPAA Security Rule compliance challenges with the move to put patient medical records online. Lumension helps organizations address these compliance challenges by providing the proactive risk management and the required audit readiness to meet many aspects of the HIPAA Security Rule.
Achieving Regulatory Compliance With EMC RecoverPoint EMC RecoverPoint offers health care organizations the ability to cost-effectively implement the disaster recovery and business continuance mandated by various regulatory agencies. Its innovative replication technology assures the availability of data at a secondary site with no distance limitation and with guaranteed data consistency. Local backup protection is guaranteed with EMC's continuous data protection which ensures every write to a protected volume is stored in the RecoverPoint history journal and recoverable through the RecoverPoint GUI. In the face of any type of data loss, whether caused by "Fire, vandalism, system failure and natural disaster" as stated in HIPAA documentation, or by any other unprecedented event, RecoverPoint enables quick and complete data recovery, with no data loss.
Major Hospital Enhances Auditing Infrastructure Using SQL Server 2008 Beth Israel Deaconess Medical Center (BIDMC), a teaching hospital of Harvard Medical School, is the largest member of CareGroup Healthcare System. BIDMC needed a better auditing solution to help ensure compliance with the Health Insurance Portability and Accountability Act (HIPAA). BIDMC is upgrading to Microsoft SQL Server 2008 Enterprise database software and using resources from the SQL Server 2008 Compliance Software Development Kit to enhance its auditing infrastructure used for ensuring compliance with HIPAA and other regulations.
Healthcare: How to Disappoint Your HIPAA Auditors and Gain the Respect of Your Board of Directors (not Necessarily in That Order) With HIPAA audits now randomized, one must be prepared for them every day. And with state regulations requiring compliance and breach reporting, one must become one's own auditor. HIPAA is the Health Insurance Portability and Accountability Act, the 1996 federal regulation that mandated health data privacy. This regulation requires compliance by all insurers and health care providers, including physician's offices, hospitals, health plans, employers, public health authorities, life insurers, clearinghouses, billing agencies, information systems vendors, service organizations, and universities.
Community Medical Centers: On-Premise Implementation for HIPAA Compliance Community Medical Centers is central California's largest health care provider. Operating three acute-care hospitals, outpatient and ambulatory care facilities, rural clinics, and the largest Emergency Department in the state, the Center employs a staff of 6,200 and 1,100 physicians, and is the most comprehensive hospital system in the Valley. Facing statutory compliance deadlines, Community Medical needed to implement stringent security measures for patient personal information sent via the Internet to comply with HIPAA regulations. Community implemented a cost-effective in-house solution that fully met HIPAA requirements and included a seamless integration with their Outlook email client.
Sutter Health Gains HIPAA Compliant E-mail Without Adding to IT Support Costs Sutter Health is one of the nation's leading not-for-profit networks of community healthcare services, serving more than 100 communities in Northern California. Sutter Health needed to ensure the HIPAA-compliance of its e-mail system, but wanted its solution to be simple and inexpensive to deploy and maintain. The DataMotion solution, running on Microsoft technology, maintains all e-mail communications in secure storage, sending links for secure viewing by recipients.
Enterprise Single Sign-On SOS: The Critical Questions Every Company Needs to Ask Whether prompted by the compliance requirements of HIPAA or GLBA, the growing need to strengthen IT security, or mounting user frustration due to forgotten passwords, more and more organizations are thinking seriously about implementing Enterprise Single Sign-On (ESSO). According to Giga Research analyst Steve Hunt, "Enterprise SSO works well and makes sense. It is a secure, cost effective tool for adding value to an organization. It would be wise for vendors to implement it today." This white paper is intended to make the ESSO evaluation process simpler and faster by identifying the critical questions one needs to ask ESSO vendors when evaluating their solutions.
Compliance and Beyond: Toward a Consensus on Identity Management Best Practices For more than a decade, government and industry bodies around the world have issued a growing number of regulations designed - in whole or in part - to ensure the security, integrity and confidentiality of personal and corporate data. These mandates span a range of industries, from financial institutions to healthcare providers to utilities firms to retailers and beyond. Regulations are often mandatory and compliance must be verifiable. This white paper explores these compliance-driven best practices, how OneSign solutions support them, and how prioritizing their implementation makes good business sense beyond the fulfillment of compliance requirements.
Achieving HIPAA Compliance With Enterprise Single Sign-On When the U.S. Congress passed the Health Insurance Portability and Accountability Act (HIPAA) of 1996, among the law's many provisions was the establishment of formal regulations designed to protect the confidentiality and security of patient information. Congress set a series of deadlines for healthcare institutions to comply with the new regulations, including an April 2005 deadline for compliance with the security requirements. In addition to mandating new policies and procedures, the HIPAA security regulations require mechanisms for controlling access to patient data on healthcare providers' Information Technology (IT) systems.
ICD-10: A Snapshot of Payer Readiness Four out of ten payer organizations believe ICD-10 will require the same or less work as HIPAA and Y2K. That's as of today. As the healthcare industry moves closer to ICD-10 readiness, will that number change or stay the same? Initial survey results indicate that payers are still primarily in an education phase about ICD-10 and its implications to their organizations. Payers are also starting to recognize that making the shift to ICD-10 standards could be an opportunity to do much more than merely meet compliance requirements. Just as Y2K and HIPAA before it, ICD-10 can be the catalyst to take a global approach to IT planning.
Providing Secure and Convenient Bedside Access to Patient Data Spencer Hospital is a 99-bed facility that is complemented by two family-practice clinics, two dialysis centers, the Abben Cancer Center, and a new cosmetic and reconstructive surgery clinic. To satisfy security and HIPAA requirements, the IT department set fairly short time-outs for viewing patient data screens. Though this ensured data would not be visible for an undue amount of time, it also impeded productivity. When Spencer Hospital's director of IT and his team began evaluating potential vendors, they considered software-based solutions from CA and Citrix, and on the advice of their partner, CDW, they included Imprivata's OneSign appliance in the evaluation process. Over a period of 90 days, they sequentially implemented each solution on a trial basis of 30 days.