This library offers a collection of information and resources specifically focused on computer security, data destruction, document life-cycle solutions, compliance and password management. All resources are available to post and distribute on your website, forums, blogs and other compilations, with the strict stipulation that these works must be published in their entirety, with full credit and notice given to their origin and copyright. You may also link directly to these items. Please contact us if you have any questions regarding re-publication or distribution.

Our goal is to develop a comprehensive security portal. We welcome your suggestions and will work hard to include information you may require. This project is in constant development, and your suggestions for additional content are very much appreciated.

We invite relevant, on-topic submissions for inclusion. If you are interested in submitting papers, audiocasts or other media, please contact us. We will also consider the exchange of links as applicable.

Articles

Legal Requirements to Delete EU Personal Data by James M. Jordan
This paper, prepared by the former Chief Privacy Leader and Senior Counsel for E-Commerce & Information Technology of General Electric Company, is required reading for those assigned the stewardship of European-based personal data and records.

Data Destruction and Document Life Cycle Policies:
Considerations for Compliance with Federal Mandates and Acts

A perspective on issues relating to Electronic Data Retention and how this relates to compliance with federal and state regulations such as Sarbanes-Oxley (SOX), HIPAA, FACTA, Gramm-Leach-Bliley (GLB) and others.

The Seven Sins of Degaussing
Degaussing a hard drive is a procedure that utilizes a machine to produce strong electromagnetic fields that destroy magnetic data on a disk. While many are initially impressed with the speed of this process, there are serious disadvantages to degaussing.

Security Issues with Decommissioning Magnetic Media
This document describes practical considerations of taking magnetic media out of useful service or transferring such media to other departments or organizations. After raising awareness of the security, business and legal concerns, the document evaluates different techniques so that the reader can assess his options. Finally, the cyberCide™ product is presented as a cost-effective solution to address these risks.

Legal and Regulatory Violations Caused by Not Destroying Data Before Discarding
A comprehensive chart referencing various types of data and the acts and regulations they are subject to. An essential resource for compliance.

Practical Uses of CyberScrub Technology to Ensure the Secure Deletion of Data
This paper will touch briefly on the practical applications of deploying CyberScrub products and technology to 1) wipe free and slack space on hard drives and 2) effect the transparent secure erasure of selected files and folders through standard keyboard interaction.

Audiocasts/Podcasts

AUDIOCAST/PODCAST
Listen to this informative talk by noted attorney and Ziff Davis Security Virtual Tradeshow panelist Jon Neiditz. Topics include the implications of data destruction in reference to federal compliance acts and policies.

Government Reports

PRIVACY: Domestic and Offshore Outsourcing of Personal Information in Medicare, Medicaid, and TRICARE
An astounding number (>40%) of health insurance contractors and state Medicaid agencies experienced a breach of PHI and other privileged health information within the last 24 months, according to a new Government Accounting Office report.

Gramm-Leach-Bliley Act Headlines

ISO17799 and the Gramm-Leach Bliley Act
The ISO17799 is widely regarded as a broad and comprehensive standard for information security best practices. Derived from the pre-existing British Standard 7799, this standard has arguably established itself as the premier benchmark for information security. However, increasing awareness of the dangers present and the need for tight controls has resulted in regulations governing critical verticals and also general corporate governance practices. The earliest such regulation is the Gramm-Leach Bliley Act (GLBA). This regulation is targeted at financial institutions and places relatively clear requirements on firms to implement and maintain security controls and to ensure that financial data is not compromised due to failures of security at the institution or at any of their partners and vendors.

How Compliant is YOUR Email Archive?
Failure to archive your emails can have dire consequences for your business. Do any of these regulations impact you? Sarbanes-Oxley (SOX) Act; HIPAA; Gramm-Leach Bliley Act (GLBA); Securities and Exchange Commission (SEC) Rules; National Association of Securities Dealers (NASD) Rules; Investment Dealers Association (IDA) of Canada Rules. If so, click through and complete the short questionnaire to receive your personalized Compliance Report and information on e-mail archiving for compliance, storage, and discovery from Computhink.

What Can 2007 Teach Us About 2008?
2007 was a tumultuous year for U.S. businesses and employees, filled with extreme highs and disappointing lows. Private equity garnered nearly $400 billion in mega deals in merely six months, and news of multiple billion-dollar acquisitions (Chrysler, Alltel and CKX) illustrated a trend of public companies going private. However, financial markets soon shifted and companies felt the backlash. Lenders scrutinized borrowers with tougher standards, limiting access to capital. After several months of market volatility, market direction remains unclear. We face a Catch-22: business leaders are conservative in making projections as they look for a cue from the markets, and the markets look for a cue from business leaders regarding new initiatives. Each month, Tatum, LLC surveys its financial and technology executives regarding current business conditions and economic trends. With nearly 1,000 executives serving companies of all sizes across a broad base of industries in every geographic region of the United States, the Tatum Survey of Business Conditions takes a representative pulse of business activity. This document contains results and analysis from Tatum's Survey of Business Conditions from May through December 2007. Survey topics include private equity, M&A, regulatory compliance and reporting, and financial executive pressures.

Trust and Competitive Advantage: An Integrated Approach to Governance, Risk Management and Compliance
Burned by Enronesque accounting scandals, investors and governments are imposing rigorous reporting requirements to keep companies on the straight and narrow. These reactions are a symptom of a fundamental force in the economy: a crisis of trust among stakeholders of corporations. Stakeholders are not only a company's shareholders, but also customers, employees, business partners and communities, and in recent years their trust has been profoundly shaken. Naturally, they are now trying to protect themselves, often via legislation.

CIO Strategies for Retention and Deletion of Email and Electronic Information
Over the past two years, major changes to the Federal Rules of Civil Procedure and the increase in state and federal compliance regulations have created new challenges for companies as they struggle to manage email retention and deletion policies. To successfully maintain compliance and protect business in the event of litigation, companies must understand these changes. Implementing new strategies for email will enable organizations to effectively set and manage email retention and deletion policies, as well as provide robust search and e-discovery capabilities to respond rapidly to litigation. Check out this TechRepublic Webcast, now available on demand, to learn about critical changes to the Federal Rules of Civil Procedure and what those changes mean "in plain English" for your business. You'll learn CIO strategies for: Determining appropriate retention and discovery requirements for email and electronically stored information. Involving stakeholders across your organization to respond to this challenge. Ensuring that email is always available and data is never lost. Providing search, discovery and recovery of electronic information. Avoiding pitfalls in managing a records retention and data discovery effort.

E-mail Compliance: Security Solutions for Regulatory Requirements
E-mail has become a critical component in the daily operations of all organizations. Current market demands require that e-mail be available around the clock. Information Technology professionals are tasked with keeping e-mail servers in perfect working order, reducing the amount of incoming spam and protecting their networks from viruses and malware. New laws require even more diligent archiving and reporting. This important white paper discusses the major regulations in place to protect confidential customer information, uphold corporate governance and protect law enforcement investigations and their impact on businesses. Regardless of size, your company may now have to archive all business communications and prove that the data you are keeping is secure from tampering. Get this vital white paper and learn what to expect when your organization must comply with HIPAA, GLBA, SOX and others. Download your copy today!

An Integrated Approach to Managing Governance, Risk, and Compliance
Given today's highly regulated environment, how can you control risk, drive performance, and inspire greater stakeholder confidence? To address these requirements, forward-thinking organizations are moving toward an integrated program of governance, risk, and compliance (GRC) management. Download this SAP white paper to learn about a GRC approach that can help you confidently address all regulatory- and business-related risks while lowering your overall cost of compliance.

Realtime Publishers: Understanding how privacy and government regulations affect email compliance
Email compliance is just one instance of the regulatory impact on IT operations. There are a number of privacy and corporate governance regulations that apply to email services, and the list of such laws is likely to grow. Fortunately, many regulatory requirements coincide with business requirements for security, business continuity, and operations management. Sound email management driven by business needs can go a long way toward compliance as well. This article examines some of the more well-known regulations that have an impact on email management practices, then explores the most effective way to comply with these regulations.

Policy and IT Controls Compliance Challenges and Solutions
Achieving compliance requires a set of methodologies and disciplines that give executives a better picture of the security of their enterprise and help them improve it. Written by Richard LeVine of Accenture, this white paper describes the benefits of compliance, the depth of work required to achieve it, and some powerful tools that increase the effectiveness of compliance efforts.

Managing Access to Critical Data for Protection and Privacy
One common mistake that organizations make is to use Identity Management solutions in isolation. Doing so risks access inflation, workarounds, and coverage gaps. This white paper shows how comprehensive access management deploys identity management within a framework that includes disciplines for data protection, integration with hiring and promotion, and monitoring.

Compliance with the Payment Card Industry Data Security Standard: Meeting the Challenge with Symantec Technology
At a high level, the 12 major security requirements under PCI (the Payment Card Industry Data Security Standard) seem fairly easy to implement and maintain. Upon closer examination, however, it becomes clear that attaining and maintaining compliance is a much more complex endeavor than it may seem. This paper breaks down each PCI requirement and details how Symantec solutions can help you get - and stay - compliant.

Online Publisher Meets Goal of Providing Compliance Week Users with the Most Effective Search Application
Financial Media Holdings Group (FMHG) is the parent company of Compliance Week, the industry's definitive newsletter on corporate governance issues. In mid-2005, the company sought a commercial search application that would enable its users to find what they need when they need it. Among its top requirements, FMHG sought a solution with: a sophisticated, flexible architecture; the ability to support custom conversion and preprocessing applications; and a customizable user interface. Download this case study to learn why FMHG's quest ultimately led them to Coveo Enterprise Search, and why the company is so pleased with its selection.

The Power of Integration: McAfee's Strategy for Security Risk Management
This paper outlines how McAfee security risk management solutions can help enterprises streamline their security risk and compliance management processes today and in the future, while maximizing their level of business availability, data protection, and return on investment.

Tackle Your Security and Compliance Challenges
Expanding regulatory compliance and heightened security means companies must adopt a strategic approach to security risk management. By doing so, organizations can reduce their risks of non-compliance and increase efficiency.

Take Security to the Next Level with Automated Compliance Reporting
Complying with the information security provisions of business regulations such as HIPAA, SOX, and the Gramm-Leach-Bliley Act can be expensive, but the potential cost of non-compliance is even greater. Enter McAfee® Preventsys®, a solution that calculates compliance-related risks, automates compliance reporting, and eliminates the need for costly, manual pre-audits. Listen to this TechRepublic Webcast to hear McAfee's Gail Aurenz, Preventsys Sales Manager, and Kevin Reardon, Director, Solution Services, explain how Preventsys automates the process of mapping technical checks to business policies, giving you a consistent and affordable way to demonstrate security compliance. McAfee Preventsys is a single-vendor solution that: simplifies the pre-auditing and reporting processes; reduces the time required to run an assessment from hours to minutes; saves money by creating a repeatable, organized, and automated assessment process; integrates disparate, third-party tools; and reduces the need to consult with compliance experts. Compliance auditing doesn't have to be a labor-intensive, error-prone, and costly manual process. Check out this TechRepublic Webcast, sponsored by McAfee and now available on demand, to learn how McAfee Preventsys can help take the guesswork out of complying with today's most far-reaching business regulations.

Sarbanes-Oxley Headlines

Avoiding the Compliance Trap for Travel and Expenses
Organizations weighing Travel and Expenses (T&E) automation should look beyond the value of streamlining the process to solutions that include analytic and reporting features that enforce compliance controls and provide audit evidence while minimizing business risks associated with uncontrolled spending and fraud. These more robust solutions are part of the extended enterprise applications market experiencing greater investment as a result of governance, risk, and compliance requirements. Read this IDC paper to get answers to the following questions posed by travel and expense management services provider Concur to Kathleen Wilhide, research director for IDC's Compliance and Business Performance Management (BPM) Solutions research, on behalf of Concur's customers: What are the compliance issues surrounding employee travel and expense management? Which industries are particularly at risk for noncompliance, and why? What can companies do to improve internal controls and compliance? How is the value proposition for automating T&E evolving? What should companies look for in an on-demand provider of travel booking and expense reporting solutions?

Improving Intercompany Reconciliation for a Faster Close
In 2007, businesses moved beyond the initial need to comply with legislation like the Sarbanes-Oxley Act (SOX) and instead focused on driving sustainability and control into their corporate processes. Of the various initiatives supporting this shift, the fast close--a concept used to describe a corporation's ability to complete its accounting cycles and close its books quickly--is perhaps one of the best documented. This SAP/Business Objects paper examines the issues behind intercompany reconciliation and outlines how certain companies have made impressive progress in improving the flow of communication during the intercompany process, removing it from the close's critical path and improving the quality of data.

The Fast Close: Achieving Quick Wins and Big Wins
The "fast close," a concept used to describe a corporation's ability to complete its accounting cycles and close its books quickly, is re-emerging as an important project for today's global finance function. For a brief period in the late 1990s, companies became more efficient at closing their books and reporting their financial information, but compliance regulations such as International Financial Reporting Standards (IFRS) and the Sarbanes-Oxley Act (SOX) of 2002 placed additional reporting rules on organizations worldwide. What followed was a period of more methodical approaches to preparing numbers in accordance with generally accepted accounting principles (GAAP) and statutory requirements, as many companies became reluctant to close their books quickly for fear of submitting inaccurate financial statements. In the United States, for example, close cycles have slowed down by an average of seven days during each of the past three years. This white paper from SAP/Business Objects discusses how corporate finance centers can overcome the barriers to fast close by shifting processes such as intercompany reconciliation outside the close process and by automating traditionally manual consolidation functions such as foreign currency translation adjustments, minority interest and equity calculations, and automatic cash flows.

Sarbanes-Oxley Compliance With IBM Rational Method Composer and IBM Rational Portfolio Manager
This paper is a true-to-life account of an exchange among software development team colleagues, showing how Rational Method Composer and Rational Portfolio Manager provide everything organizations need to build compliance delivery processes and detect early warning signs of events that may be candidates for SOX disclosure. It also illustrates that robust compliance processes pay dividends as they support cost-effective GDD (Geographic Distributed Development) models.

The Case for Document Management
Are you asking how to avoid court-imposed sanctions? Are you wondering how to keep the escalating costs of electronic and paper discovery to a minimum? Whether the objective is to handle litigation, deliver new contracts, or projects, companies today need solutions that promote teamwork. However, common bottlenecks inhibit many organizations from achieving their peak performance: risk imposed by compliance regulations and corporate guidelines; quality problems and delivery delays caused by inefficient processes; lack of coordination between external partners, vendors, parties and clients; and difficulties in capturing, finding, and leveraging organizational knowledge. The ViewWise Document Management Solution can help your organization address compliancy and eDiscovery efforts. Computhink's ViewWise was created to assist organizations by helping eliminate the content burden that surrounds most offices today. ViewWise does this by helping organizations with access, archiving, storage, security, workflow and tracking of Electronic Content, while providing simple options for scanning, integrating, importing, and classifying.

Managing Growth and Cash Flow and Small and Mid-Sized Companies
According to the Small Business Administration, 80 percent of small businesses fail in the first year. Sadly, the problem is often cash flow, not lack of sales. Companies in growth mode are especially vulnerable to this problem. The attendee of this webcast will learn proven strategies for avoiding cash flow problems and the three safest and smartest ways to grow business. The presenters discuss how to finance and grow business without losing control or compromising mission statement. The attendee will also learn about the new double bottom line and why it may be important to the future success of the business.

How Compliant is YOUR Email Archive?
Failure to archive your emails can have dire consequences for your business. Do any of these regulations impact you? Sarbanes-Oxley (SOX) Act; HIPAA; Gramm-Leach Bliley Act (GLBA); Securities and Exchange Commission (SEC) Rules; National Association of Securities Dealers (NASD) Rules; Investment Dealers Association (IDA) of Canada Rules. If so, click through and complete the short questionnaire to receive your personalized Compliance Report and information on e-mail archiving for compliance, storage, and discovery from Computhink.

Email Archival: "For Compliance, Discovery & Storage"
View this recorded Webcast, presented by Lisa Morgan, Director Channel Programs, and Vince Smolek, Technical Services Mgr. for Computhink.

Compliancy & Document Management: "The Critical Connection"
View this on-demand Webcast, presented by Doug Brennecke, V.P. Sales, Computhink, and featuring guest speaker Tom von Gunden, chief editor of enterprise content management news and solutions site ECM Connection.

A Sarbanes-Oxley Compliance Program That Saves Cash: Link Sarbanes-Oxley Requirements to Business Improvement
Successful quality - and compliance - is a continuous improvement process that demands a closed-loop control structure. Technology-enabled quality in the "Financial data factory" provides a significant ROI. Sarbanes-Oxley compliance becomes a dimension of overall quality. Continuous inspection solutions from Oversight Systems provide precise results and a leveraged environment for improving quality in financial operations.

Segregation of Duties in the Real World: Risk-Based SoD Management With Continuous Monitoring Lowers Compliance Costs
Segregation of duties in the real world demands top-down management that eliminates financial risk without adding overhead costs or extinguishing ERP-fueled efficiency gains of the last decade. Fortunately, auditors and government regulators are moving beyond simple checklists of mandates to advocate a risk-based approach to SOX compliance and internal controls. This is great news for finance executives and compliance managers who can lead their companies to reduce compliance costs while accomplishing the ultimate goal of SOX - financial integrity. This white paper highlights the challenges to managing segregation of duties, builds a case for risk-based SoD management, and discusses technology solutions for continuous monitoring that deliver affordable and effective SOX compliance.

Best Practices Under Audit Standard 5
With the introduction of the Sarbanes-Oxley Act (SOX) in 2002, companies have had to dramatically ramp up regulatory compliance efforts. Based on the guidance they received, companies began factoring a compliance checklist into almost every process. Controls were designed to cover every possible source of financial reporting fraud. As these controls became more cumbersome, companies found it an increasing strain to comply with SOX regulations - and still, they failed to prevent the fraud these requirements were supposed to address, as evidenced by recent headlines regarding financial misstatements and deceit on the part of some very high-profile corporations.

A Business Guide to Compliance - Baker & McKenzie
The use of electronic data is rapidly increasing, and companies must find ways to manage it now so that they effectively control compliance risks. Proper archiving, retention, monitoring, filtering, and encryption of electronic data are no longer an option - it is imperative. Learn the top 10 ways to plan for managing electronic data and avoiding tomorrow's legal risks through archiving, e-discovery, and encryption.

Getting ahead of security issues, compliance regulations and IT processes
It can be difficult to ensure the confidentiality and integrity of your critical data with customers demanding 24/7 secure access to their data and regulators applying pressure on your business. In this Risk, Compliance and Security e-Kit for Financial Institutions, you'll learn about IBM security solutions that proactively protect against worms, viruses and other threats. There is a Tower Group white paper on the need for stronger consumer banking authentication, a study about innovative solutions for identifying, measuring, and optimizing operational risks and an ISS case study about staying on top of new vulnerabilities. Plus, six other reports on preventive solutions to security.

DeviceLock for Sarbanes Oxley Compliance
Despite its very stringent requirements, SOX has ultimately become the unspoken standard in corporate governance. Even companies that are not listed on US exchanges now prefer to incorporate provisions of this law in order to increase their competitiveness, attract more interest from investors and partners, and better protect their corporate assets. This document addresses SOX requirements that affect a company's data infrastructure, including the means of securing data collected and maintained by the company. It also describes how DeviceLock, a SmartLine product, can be used to easily achieve strong compliance in the area of data security.

Regulatory Compliance Headlines

Avoiding the Compliance Trap for Travel and Expenses
Organizations weighing Travel and Expenses (T&E) automation should look beyond the value of streamlining the process to solutions that include analytic and reporting features that enforce compliance controls and provide audit evidence while minimizing business risks associated with uncontrolled spending and fraud. These more robust solutions are part of the extended enterprise applications market experiencing greater investment as a result of governance, risk, and compliance requirements. Read this IDC paper to get answers to the following questions posed by travel and expense management services provider Concur to Kathleen Wilhide, research director for IDC's Compliance and Business Performance Management (BPM) Solutions research, on behalf of Concur's customers: What are the compliance issues surrounding employee travel and expense management? Which industries are particularly at risk for noncompliance, and why? What can companies do to improve internal controls and compliance? How is the value proposition for automating T&E evolving? What should companies look for in an on-demand provider of travel booking and expense reporting solutions?

Improving Intercompany Reconciliation for a Faster Close
In 2007, businesses moved beyond the initial need to comply with legislation like the Sarbanes-Oxley Act (SOX) and instead focused on driving sustainability and control into their corporate processes. Of the various initiatives supporting this shift, the fast close--a concept used to describe a corporation's ability to complete its accounting cycles and close its books quickly--is perhaps one of the best documented. This SAP/Business Objects paper examines the issues behind intercompany reconciliation and outlines how certain companies have made impressive progress in improving the flow of communication during the intercompany process, removing it from the close's critical path and improving the quality of data.

The Fast Close: Achieving Quick Wins and Big Wins
The "fast close," a concept used to describe a corporation's ability to complete its accounting cycles and close its books quickly, is re-emerging as an important project for today's global finance function. For a brief period in the late 1990s, companies became more efficient at closing their books and reporting their financial information, but compliance regulations such as International Financial Reporting Standards (IFRS) and the Sarbanes-Oxley Act (SOX) of 2002 placed additional reporting rules on organizations worldwide. What followed was a period of more methodical approaches to preparing numbers in accordance with generally accepted accounting principles (GAAP) and statutory requirements, as many companies became reluctant to close their books quickly for fear of submitting inaccurate financial statements. In the United States, for example, close cycles have slowed down by an average of seven days during each of the past three years. This white paper from SAP/Business Objects discusses how corporate finance centers can overcome the barriers to fast close by shifting processes such as intercompany reconciliation outside the close process and by automating traditionally manual consolidation functions such as foreign currency translation adjustments, minority interest and equity calculations, and automatic cash flows.

Sarbanes-Oxley Compliance With IBM Rational Method Composer and IBM Rational Portfolio Manager
This paper is a true-to-life account of an exchange among software development team colleagues, showing how Rational Method Composer and Rational Portfolio Manager provide everything organizations need to build compliance delivery processes and detect early warning signs of events that may be candidates for SOX disclosure. It also illustrates that robust compliance processes pay dividends as they support cost-effective GDD (Geographic Distributed Development) models.

Develop a HIPAA Privacy Policy
Most medical administrators have grappled with the issue of developing a HIPAA-compliant privacy policy. They have either developed a policy themselves or delegated the task to a staff member, possibly a medical group records administrator or hospital privacy official. But some administrators have not yet tackled this challenge for a number of reasons. Possibly their organizations were previously exempt from compliancy because they did not file electronic claims, a prerequisite for classification as a provider under the HIPAA guidelines. Possibly the organizations were programmatically exempt, such as a workers' compensation carrier or workers' compensation supporting organization. Other previously exempt organizations may have experienced a "Privacy incident" involving the inadvertent disclosure of Protected Health Information (PHI), which motivated the organization to "Reach for compliance."

ISO17799 and the Gramm-Leach Bliley Act
The ISO17799 is widely regarded as a broad and comprehensive standard for information security best practices. Derived from the pre-existing British Standard 7799, this standard has arguably established itself as the premier benchmark for information security. However, increasing awareness of the dangers present and the need for tight controls has resulted in regulations governing critical verticals and also general corporate governance practices. The earliest such regulation is the Gramm-Leach Bliley Act (GLBA). This regulation is targeted at financial institutions and places relatively clear requirements on firms to implement and maintain security controls and to ensure that financial data is not compromised due to failures of security at the institution or at any of their partners and vendors.

Healthcare Group Upgrading to SQL Server 2008 to Better Protect 2 Terabytes of Data
Based in Boston, CareGroup is the corporate parent of Beth Israel Deaconess Medical Center, a teaching hospital of Harvard Medical School, and three other area hospitals. CareGroup hosts its data on 390 databases on 30 instances of Microsoft SQL Server 2005. The organization is updating databases to SQL Server 2008 to take advantage of new features including advanced auditing and transparent encryption to help it meet HIPAA and other regulatory requirements. CareGroup is using Policy-based Management, new for SQL Server 2008, to enforce policy and schema across its operations, and is centralizing reporting using SQL Server 2008 Reporting Services accessed through a portal created using Microsoft Office SharePoint Server 2007.

PCI DSS and HIPAA: The Security Standards Share Common Ground
One of the greatest challenges that the electronic transactions industry faces today is the issue of security requirements under various rules and regulations. For most people in the industry, the issue is focused on the specifics of the Payment Card Industry Data Security Standard (PCI DSS), but the issue may be much broader than that. Many other security sets are currently operative and they interface with the merchant population that the industry serves. Federal legislation with security requirements includes HIPAA (the Health Insurance Portability and Accountability Act) of 1996 Title II, the Gramm-Leach-Bliley Act of 1999, ground in the merchant services field.

Are you prepared to meet the January 2009 California Pedigree Law?
Implementing new serialization on pharmaceutical products can be confusing. Vendors, trade partners and the industry offer conflicting information -- and California's new drug tracking requirements only add to the confusion; they're clear about what needs to be done, but not how. The first step toward compliance is serialization -- and IBM can help. This paper explains why the IBM Serialization Pilot Kit with TAGSYS RFID is an inexpensive, low risk way to rapidly pilot and evaluate HF RFID for item-level serialization in packaging operations. Get the paper and get started on the new compliance requirements today!

Achieving HIPAA Security Standards Compliance by Implementing an ISO/IEC 27000 Series Information Security Management System
This paper has been prepared to provide those organizations having an interest in compliance with the US Health Insurance Portability and Accountability Act (HIPAA - 1996, revised 2003) Security Standards, especially those in the business of handling 'Electronically protected health information', with an understanding of the inter-relationship between those Security Standards and the growing series of international standards addressing Information Security Management Systems (ISMS). The paper shows how these ISMS standards can be applied by a business to demonstrate its compliance with the HIPAA whilst providing additional benefits, such as broader assurance across the whole (or a well-defined sub-unit) of an organization's information security management system and certified compliance of that system based upon an internationally-recognized scheme which will be acknowledged by business partners, investors, and customers.

Controlling the Uncontrollable: Managing eDiscovery Risk at the Edge
A large enterprise spent $12.5 million to review documents that were past their retention period during a discovery. Sound familiar? Hear from information risk technology leader NextPage during this TechRepublic Webcast, now available on demand, to learn how your enterprise can delete and preserve the information residing on the edge -- hard drives, scattered shared drives, key drives, and e-mail attachments. While you can't totally eliminate enterprise information risk, you can proactively minimize the potential adverse effects of your current unmanaged documents. Eighty percent of enterprise documents reside on end user machines and scattered shared drives and with over 7.5 billion office documents created annually, getting a handle on the situation has proven difficult in the past. Most ROIs to reduce the cost of eDiscovery start with more effective handling of documents during a discovery. But the fact of the matter is if you can actively enforce your written document retention policy on the edge you get document compliance and decreased costs. By proactively tracking and classifying new documents you stop the problem, control the information, and become prepared for the next eDiscovery. Then you can evaluate how to handle the legacy issues. View this important Webcast today to learn more about protecting your enterprise!

The Case for Document Management
Are you asking how to avoid court-imposed sanctions? Are you wondering how to keep the escalating costs of electronic and paper discovery to a minimum? Whether the objective is to handle litigation, deliver new contracts, or projects, companies today need solutions that promote teamwork. However, common bottlenecks inhibit many organizations from achieving their peak performance: risk imposed by compliance regulations and corporate guidelines; quality problems and delivery delays caused by inefficient processes; lack of coordination between external partners, vendors, parties and clients; and difficulties in capturing, finding, and leveraging organizational knowledge. The ViewWise Document Management Solution can help your organization address compliancy and eDiscovery efforts. Computhink's ViewWise was created to assist organizations by helping eliminate the content burden that surrounds most offices today. ViewWise does this by helping organizations with access, archiving, storage, security, workflow and tracking of Electronic Content, while providing simple options for scanning, integrating, importing, and classifying.

Managing Growth and Cash Flow and Small and Mid-Sized Companies
According to the Small Business Administration, 80 percent of small businesses fail in the first year. Sadly, the problem is often cash flow, not lack of sales. Companies in growth mode are especially vulnerable to this problem. The attendee of this webcast will learn proven strategies for avoiding cash flow problems and the three safest and smartest ways to grow business. The presenters discuss how to finance and grow business without losing control or compromising mission statement. The attendee will also learn about the new double bottom line and why it may be important to the future success of the business.

How Compliant is YOUR Email Archive?
Failure to archive your emails can have dire consequences for your business. Do any of these regulations impact you? Sarbanes-Oxley (SOX) Act; HIPAA; Gramm-Leach Bliley Act (GLBA); Securities and Exchange Commission (SEC) Rules; National Association of Securities Dealers (NASD) Rules; Investment Dealers Association (IDA) of Canada Rules. If so, click through and complete the short questionnaire to receive your personalized Compliance Report and information on e-mail archiving for compliance, storage, and discovery from Computhink.

Email Archival: "For Compliance, Discovery & Storage"
View this recorded Webcast, presented by Lisa Morgan, Director Channel Programs, and Vince Smolek, Technical Services Mgr. for Computhink.


SEC Rule 17A-4

Controlling the Uncontrollable: Managing eDiscovery Risk at the Edge
A large enterprise spent $12.5 million to review documents that were past their retention period during a discovery. Sound familiar? Hear from information risk technology leader NextPage during this TechRepublic Webcast, now available on demand, to learn how your enterprise can delete and preserve the information residing on the edge -- hard drives, scattered shared drives, key drives, and e-mail attachments. While you can't totally eliminate enterprise information risk, you can proactively minimize the potential adverse effects of your current unmanaged documents. Eighty percent of enterprise documents reside on end user machines and scattered shared drives and with over 7.5 billion office documents created annually, getting a handle on the situation has proven difficult in the past. Most ROIs to reduce the cost of eDiscovery start with more effective handling of documents during a discovery. But the fact of the matter is if you can actively enforce your written document retention policy on the edge you get document compliance and decreased costs. By proactively tracking and classifying new documents you stop the problem, control the information, and become prepared for the next eDiscovery. Then you can evaluate how to handle the legacy issues. View this important Webcast today to learn more about protecting your enterprise!

The Case for Document Management
Are you asking how to avoid court-imposed sanctions? Are you wondering how to keep the escalating costs of electronic and paper discovery to a minimum? Whether the objective is to handle litigation, deliver new contracts, or projects, companies today need solutions that promote teamwork. However, common bottlenecks inhibit many organizations from achieving their peak performance: risk imposed by compliance regulations and corporate guidelines; quality problems and delivery delays caused by inefficient processes; lack of coordination between external partners, vendors, parties and clients; and difficulties in capturing, finding, and leveraging organizational knowledge. The ViewWise Document Management Solution can help your organization address compliancy and eDiscovery efforts. Computhink's ViewWise was created to assist organizations by helping eliminate the content burden that surrounds most offices today. ViewWise does this by helping organizations with access, archiving, storage, security, workflow and tracking of Electronic Content, while providing simple options for scanning, integrating, importing, and classifying.

Email archiving - Are you feeling lucky?
Businesses of all sizes are struggling with ever growing electronic information volume and content. Although email is not the only electronic information, it is by far the fastest growing both in volume and sensitivity. Not only are companies worried about security risks but they are equally challenged with constant capacity planning, performance and reliability issues due to email growth. More importantly, recent regulations such as Federal Rules of Civil Procedure (FRCP) and state laws are imposing extra burden on IT organizations to have auditable archiving policies and be able to produce emails as evidence in case of a dispute. Small, Medium and Large organizations are looking to understand best practices in e-Discovery and find ways to offload their challenges and lower their cost and risk. View this informative Webcast from TechRepublic to learn: What is e-Discovery? Does it apply to your organization? What are the typical message discovery challenges companies face? What innovation is Google bringing to this market? How is that changing the way people archive and retrieve email? What are the next steps for you to learn more and reduce risk for your company? Hear from George Socha, a leading expert in e-Discovery and President of Socha Consulting LLC. George is the co-author of the leading survey on the electronic discovery market, The Socha-Gelbmann Electronic Discovery Survey, now beginning its sixth year. You'll also hear Bill Kee, Product Marketing Manager for Google Message Discovery Service.

Getting ahead of security issues, compliance regulations and IT processes
It can be difficult to ensure the confidentiality and integrity of your critical data with customers demanding 24/7 secure access to their data and regulators applying pressure on your business. In this Risk, Compliance and Security e-Kit for Financial Institutions, you'll learn about IBM security solutions that proactively protect against worms, viruses and other threats. There is a Tower Group white paper on the need for stronger consumer banking authentication, a study about innovative solutions for identifying, measuring, and optimizing operational risks and an ISS case study about staying on top of new vulnerabilities. Plus, six other reports on preventive solutions to security.

CIO Strategies for the Retention and Deletion of Email
With new regulations and the recent changes to the Federal Rules of Civil Procedure, legal departments are turning to IT leadership to manage retention, deletion, search and recovery of email and other Electronically Stored Information (ESI). CIOs must track billions of email messages, database records and desktop files, know where they are, ensure they are secure, delete them on schedule, and be able to produce them as required. How does an organization ensure a successful retention strategy? This whitepaper provides CIOs with useful information about litigation issues surrounding email and ESI as well as information on how to define and implement a retention and deletion strategy. Also included is an overview of MessageOne's on-demand EMS Email Archive service, the first SaaS archiving solution capable of painlessly solving email retention, deletion, search and e-Discovery challenges.

What Can 2007 Teach Us About 2008?
2007 was a tumultuous year for U.S. businesses and employees, filled with extreme highs and disappointing lows. Private equity garnered nearly $400 billion in mega deals in merely six months, and news of multiple billion-dollar acquisitions (Chrysler, Alltel and CKX) illustrated a trend of public companies going private. However, financial markets soon shifted and companies felt the backlash. Lenders scrutinized borrowers with tougher standards, limiting access to capital. After several months of market volatility, market direction remains unclear. We face a Catch-22: business leaders are conservative in making projections as they look for a cue from the markets, and the markets look for a cue from business leaders regarding new initiatives. Each month, Tatum, LLC surveys its financial and technology executives regarding current business conditions and economic trends. With nearly 1,000 executives serving companies of all sizes across a broad base of industries in every geographic region of the United States, the Tatum Survey of Business Conditions takes a representative pulse of business activity. This document contains results and analysis from Tatum's Survey of Business Conditions from May through December 2007. Survey topics include private equity, M&A, regulatory compliance and reporting, and financial executive pressures.

Trust and Competitive Advantage: An Integrated Approach to Governance, Risk Management and Compliance
Burned by Enronesque accounting scandals, investors and governments are imposing rigorous reporting requirements to keep companies on the straight and narrow. These reactions are a symptom of a fundamental force in the economy: a crisis of trust among stakeholders of corporations. Stakeholders are not only a company's shareholders, but also customers, employees, business partners and communities, and in recent years their trust has been profoundly shaken. Naturally, they are now trying to protect themselves, often via legislation.

Compliance Made Easier - Osterman Webinar
MessageLabs takes your business compliance needs seriously. The compliance webinar, "Why You Need to Focus on SEC & NASD," featuring Michael Osterman from Osterman Research, demonstrates the various compliance issues companies face and how MessageLabs can help you comply with these regulations.

Sarbanes-Oxley Compliance Issues
Compliance issues have always plagued financial businesses, but the Sarbanes-Oxley Act (SOA) of 2002 increased the level of concern companies face concerning accounting and reporting regulations. The law, which applies to all firms that issue securities traded on US securities markets, contains several requirements for firms to comply with. It greatly behooves any company that must adhere to the SOA to maintain and archive their business communication in such a manner that it adheres to compliance guidelines. Read the literature MessageLabs has produced specific to the SOA to learn how your organization can better manage its business communications.

Data Quality, Compliance, and Risk for Financial Institutions
Poor data quality is endemic in most financial institutions, with risk managers frequently citing a lack of clean, high-quality data as the biggest inhibitor to achieving their risk management and regulatory compliance objectives. To combat the problem, Informatica offers data quality scorecarding capabilities -- a metrics-driven approach to measuring, tracking, and reporting on data quality defects. Read this informative white paper to learn more about it.

Debunking Common Myths and Misconceptions about E-mail Archiving
Unless you're among the mere 20 percent of organizations that have already implemented a complete message archiving solution, you're probably struggling to balance budgetary and resource constraints with growing e-mail volumes, increased regulatory requirements, and corporate e-discovery needs. Or perhaps you simply believe that your organization doesn't need to archive its e-mail. Whatever your reasons, you can't afford to defer e-mail archiving forever. This TechRepublic Webcast debunks several common misconceptions that are keeping many companies from actively tending to their message archiving and e-discovery needs. Listen to learn why these and other myths simply aren't true: We're not in a regulated industry, so we don't need to archive. It's better to purge e-mail frequently in order to eliminate "smoking guns." If we have a 90-day deletion policy, regulatory auditors and the courts will let us off the hook if we can't produce data. Backups will suffice as our "archive." On-premise archiving systems are always cheaper than hosted/managed solutions. Now available on demand, this Webcast explores regulatory compliance and e-discovery issues as well as the latest trends in message archiving. Listen today!

An Integrated Approach to Managing Governance, Risk, and Compliance
Given today's highly regulated environment, how can you control risk, drive performance, and inspire greater stakeholder confidence? To address these requirements, forward-thinking organizations are moving toward an integrated program of governance, risk, and compliance (GRC) management. Download this SAP white paper to learn about a GRC approach that can help you confidently address all regulatory- and business-related risks while lowering your overall cost of compliance.

Realtime Publishers: Understanding how privacy and government regulations affect email compliance
Email compliance is just one instance of the regulatory impact on IT operations. There are a number of privacy and corporate governance regulations that apply to email services, and the list of such laws is likely to grow. Fortunately, many regulatory requirements coincide with business requirements for security, business continuity, and operations management. Sound email management driven by business needs can go a long way toward compliance as well. This article examines some of the more well-known regulations that have an impact on email management practices, then explores the most effective way to comply with these regulations.

Security and control: The smarter approach to malware and compliance
The continuing evolution of malware threats combined with the demand for increasingly flexible working practices is a significant challenge to IT departments seeking to reduce help desk support and get better value for money from their investment in security. This paper looks at how organizations can benefit from a more integrated, policy-driven approach to protecting the network at all levels and controlling both user access and behavior.

Policy and IT Controls Compliance Challenges and Solutions
Achieving compliance requires a set of methodologies and disciplines that give executives a better picture of the security of their enterprise and help them improve it. Written by Richard LeVine of Accenture, this white paper describes the benefits of compliance, the depth of work required to achieve it, and some powerful tools that increase the effectiveness of compliance efforts.


HIPAA

Develop a HIPAA Privacy Policy
Most medical administrators have grappled with the issue of developing a HIPAA-compliant privacy policy. They have either developed a policy themselves or delegated the task to a staff member, possibly a medical group records administrator or hospital privacy official. But some administrators have not yet tackled this challenge for a number of reasons. Possibly their organizations were previously exempt from compliancy because they did not file electronic claims, a prerequisite for classification as a provider under the HIPAA guidelines. Possibly the organizations were programmatically exempt, such as a workers' compensation carrier or workers' compensation supporting organization. Other previously exempt organizations may have experienced a "Privacy incident" involving the inadvertent disclosure of Protected Health Information (PHI), which motivated the organization to "Reach for compliance."

Healthcare Group Upgrading to SQL Server 2008 to Better Protect 2 Terabytes of Data
Based in Boston, CareGroup is the corporate parent of Beth Israel Deaconess Medical Center, a teaching hospital of Harvard Medical School, and three other area hospitals. CareGroup hosts its data on 390 databases on 30 instances of Microsoft SQL Server 2005. The organization is updating databases to SQL Server 2008 to take advantage of new features including advanced auditing and transparent encryption to help it meet HIPAA and other regulatory requirements. CareGroup is using Policy-based Management, new for SQL Server 2008, to enforce policy and schema across its operations, and is centralizing reporting using SQL Server 2008 Reporting Services accessed through a portal created using Microsoft Office SharePoint Server 2007.

PCI DSS and HIPAA: The Security Standards Share Common Ground
One of the greatest challenges that the electronic transactions industry faces today is the issue of security requirements under various rules and regulations. For most people in the industry, the issue is focused on the specifics of the Payment Card Industry Data Security Standard (PCI DSS), but the issue may be much broader than that. Many other security sets are currently operative and they interface with the merchant population that the industry serves. Federal legislation with security requirements includes HIPAA (the Health Insurance Portability and Accountability Act) of 1996 Title II, the Gramm-Leach-Bliley Act of 1999, ground in the merchant services field.

Are you prepared to meet the January 2009 California Pedigree Law?
Implementing new serialization on pharmaceutical products can be confusing. Vendors, trade partners and the industry offer conflicting information -- and California's new drug tracking requirements only add to the confusion; they're clear about what needs to be done, but not how. The first step toward compliance is serialization -- and IBM can help. This paper explains why the IBM Serialization Pilot Kit with TAGSYS RFID is an inexpensive, low risk way to rapidly pilot and evaluate HF RFID for item-level serialization in packaging operations. Get the paper and get started on the new compliance requirements today!

Achieving HIPAA Security Standards Compliance by Implementing an ISO/IEC 27000 Series Information Security Management System
This paper has been prepared to provide those organizations having an interest in compliance with the US Health Insurance Portability and Accountability Act (HIPAA - 1996, revised 2003) Security Standards, especially those in the business of handling 'Electronically protected health information', with an understanding of the inter-relationship between those Security Standards and the growing series of international standards addressing Information Security Management Systems (ISMS). The paper shows how these ISMS standards can be applied by a business to demonstrate its compliance with the HIPAA whilst providing additional benefits, such as broader assurance across the whole (or a well-defined sub-unit) of an organization's information security management system and certified compliance of that system based upon an internationally-recognized scheme which will be acknowledged by business partners, investors, and customers.

Email Archival: "For Compliance, Discovery & Storage"
View this recorded Webcast, presented by Lisa Morgan, Director Channel Programs, and Vince Smolek, Technical Services Mgr. for Computhink.

Compliancy & Document Management: "The Critical Connection"
View this on-demand Webcast, presented by Doug Brennecke, V.P. Sales, Computhink, and featuring guest speaker Tom von Gunden, chief editor of enterprise content management news and solutions site ECM Connection.

ICD-10: Turning Regulatory Compliance Into Strategic Advantage - Are U.S. Health Plans and Providers Ready for ICD-10 Adoption?
As if existing IT investments weren't a large enough strain on provider and payor budgets, the U.S. health care industry is facing a new challenge: ICD-10 (International Statistical Classification of Diseases and Related Health Problems, Version 10) implementation. In 2011, per the mandate of Senate Bill 628, the United States will move from the ICD-9 system of disease classification to ICD-10, a much more complex system that reflects recent advances in disease detection and treatment via biomedical informatics, genetic research and international data-sharing. U.S. ICD-10 adoption has the potential to revolutionize the nation's health care system and produce a huge wave of IT spending. However, the process will require a massive overhaul of the nation's medical coding system. In fact, some industry observers say that ICD-10 could overtake Y2K in terms of impact and cost. ICD-10: Turning Regulatory Compliance into Strategic Advantage, a new paper from the Deloitte Center for Health Solutions, part of Deloitte LLP, describes the impact of the proposed move to ICD-10 on U.S. health plans and providers and discusses the need to prepare for this change now. Specifically, it looks at the potential impacts of ICD-10 compliance on three camps of health care organizations: Pragmatists, Collaborators, and Innovators.

A Layered Approach to Laptop Security for Healthcare
The shift towards electronic health records makes laptop management and data breach prevention a growing challenge. The loss of one computer puts patient privacy at risk, and exposes organizations to damaging publicity and HIPAA compliance issues. This whitepaper discusses IT asset tracking solutions to meet the challenges of laptop theft, mobile data security and simple, accurate management of computer inventory. Learn how a multi-layered strategy combines encryption with the ability to track computers off the local area network (LAN), physically recover stolen laptops and remotely delete sensitive data.

11-Hospital Health System Manages Growing Fleet of Laptops
As a leading healthcare provider with a state-of-the-art electronic health record system, Allina Hospitals & Clinics required a way to protect its rapidly growing laptop population from computer theft and potential data breach. Find out how the hospital system deployed Computrace asset tracking to monitor 2,700 laptops on and off its network and enhance IT asset auditing capability from 30% to well over 95%.

Regulatory Compliance and the IBM Mainframe: Key Requirements
Generally, a governmental regulation does not specify what technology is required in order to meet its requirements. In fact, many regulations do not even specify any details of an effective internal control. Therefore, administrators and compliance officers are left to determine what methods they will use to meet the often vague requirements within each regulation. In the area of overall corporate governance, the internal control framework developed by the Committee of Sponsoring Organizations of the Treadway Commission (COSO) has become widely adopted. Although COSO contains requirements for a range of areas of governance, there is little in the COSO framework regarding specific IT controls.

Improve patient care by improving the capabilities of your PACS
As your healthcare organization makes the transition to digital imaging and recordkeeping, you face a whole new set of technological challenges. But if you can transform the overwhelming amount of data into usable information, you can access records faster and more reliably - and benefit from operational efficiencies and better patient care. The IBM Healthcare Medical Imaging eKit includes three case studies on firms that resolved scalability and maintenance issues; a white paper by a global consulting firm on safeguarding data; an article from Medical Imaging and IT on storage challenges; and IBM white papers on business and clinical innovations and comprehensive financing packages.

Lower your blood pressure when it comes to securing patient data
Protecting patient data is a huge task. Compliance regulations make the challenge even bigger. In this IBM Healthcare Security Executive Kit, you'll learn how to safeguard data more effectively, reduce regulatory compliance risks and lower operating expenses associated with security. You'll even see how to dispose of old equipment in a safe, environmentally friendly manner. There's an information security assessment, a case study from the University of Colorado Hospital and white papers about stopping insider attacks and protecting against viruses, worms and spyware. And that's just for starters. This is one healthcare security eKit you need to download right now.

On the Move with St. Joseph's Hospital
Wisconsin-based St. Joseph's Hospital wanted to increase the productivity of its nurses and the quality of its patient care through mobility. They required a remote access solution that could provide high-level security, critical medical records access from anywhere within their multi-story facility, and sustain application sessions as their clinicians roamed in and out of coverage areas. With Mobility XE, St. Joseph's mobile device reliability improved, patient information security increased and built-in redundancy accommodated their 24/7 operation.

What Can 2007 Teach Us About 2008?
2007 was a tumultuous year for U.S. businesses and employees, filled with extreme highs and disappointing lows. Private equity garnered nearly $400 billion in mega deals in merely six months, and news of multiple billion-dollar acquisitions (Chrysler, Alltel and CKX) illustrated a trend of public companies going private. However, financial markets soon shifted and companies felt the backlash. Lenders scrutinized borrowers with tougher standards, limiting access to capital. After several months of market volatility, market direction remains unclear. We face a Catch-22: business leaders are conservative in making projections as they look for a cue from the markets, and the markets look for a cue from business leaders regarding new initiatives. Each month, Tatum, LLC surveys its financial and technology executives regarding current business conditions and economic trends. With nearly 1,000 executives serving companies of all sizes across a broad base of industries in every geographic region of the United States, the Tatum Survey of Business Conditions takes a representative pulse of business activity. This document contains results and analysis from Tatum's Survey of Business Conditions from May through December 2007. Survey topics include private equity, M&A, regulatory compliance and reporting, and financial executive pressures.

© 2008 CyberScrub LLC. All rights reserved. CyberScrub and the CyberScrub logo are registered trademarks of CyberScrub LLC.
All other trademarks are property of their respective owners.