This library offers a collection of information and resources specifically focused on computer security, data destruction, document life-cycle solutions, compliance and password management. All resources are available to post and distribute on your website, forums, blogs and other compilations, with the strict stipulation that these works must be published in their entirety, with full credit and notice given to their origin and copyright. You may also link directly to these items. Please contact us if you have any questions regarding re-publication or distribution.
Our goal is to develop a comprehensive security portal. We welcome your suggestions and will work hard to include information you may require. This project is in constant development, and your suggestions for additional content are very much appreciated.
We invite relevant, on-topic submissions for inclusion. If you are interested in submitting papers, audiocasts or other media, please contact us. We will also consider the exchange of links as applicable.
Articles
Legal Requirements to Delete EU Personal Data by James M. Jordan
This paper, prepared by the former Chief Privacy Leader and Senior Counsel for E-Commerce & Information Technology of General Electric Company, is required reading for those assigned the stewardship of European-based personal data and records.
Data Destruction and Document Life Cycle Policies: Considerations for Compliance with Federal Mandates and Acts
A perspective on issues relating to Electronic Data Retention and how this relates to compliance with federal and state regulations such as Sarbanes-Oxley (SOX), HIPAA, FACTA, Gramm-Leach-Bliley (GLBA) and others.
The Seven Sins of Degaussing
Degaussing a hard drive is a procedure that utilizes a machine to produce strong electromagnetic fields that destroy magnetic data on a disk. While many are initially impressed with the speed of this process, there are serious disadvantages to degaussing.
Security Issues with Decommissioning Magnetic Media
This document describes practical considerations of taking magnetic media out of useful service or transferring such media to other departments of organizations. After raising awareness of the security, business and legal concerns, the document evaluates different techniques so that the reader can assess his options. Finally, the cyberCide™ product is presented as a cost-effective solution to address these risks.
Legal and Regulatory Violations Caused by Not Destroying Data Before Discarding
A comprehensive chart referencing various types of data and the acts and regulations they are subject to. An essential resource for compliance.
Practical Uses of CyberScrub Technology to Ensure the Secure Deletion of Data
This paper will touch briefly on the practical applications of deploying CyberScrub products and technology to 1) wipe free and slack space on hard drives and 2) effect the transparent secure erasure of selected files and folders through standard keyboard interaction.
Audiocasts/Podcasts
Listen to this informative talk by noted attorney and Ziff Davis Security Virtual Tradeshow panelist Jon Neiditz. Topics include the implications of data destruction in reference to federal compliance acts and policies.
Government Reports
PRIVACY: Domestic and Offshore Outsourcing of Personal Information in Medicare, Medicaid, and TRICARE
An astounding number (>40%) of health insurance contractors and state Medicaid agencies experienced a breach of PHI and other privileged health information within the last 24 months, according to a new Government Accounting Office report.
Gramm-Leach-Bliley Act Headlines
EMS Rapid Archive: Email archiving service providing rapid e-Discovery search and flexible retention policy management Recent revisions to the Federal Rules of Civil Procedure (FRCP) and many state court rules establish new requirements for the rapid discovery and production of email messages.
For many organizations, the cost of implementing archiving solutions capable of meeting these requirements has kept these solutions just out of reach. Dell MessageOne's EMS Rapid Archive is the first solution to provide the critical archiving functionality to rapidly meet FRCP legal discovery requirements in a low-cost, maintenance-free SaaS service.
EMS Rapid Archive securely stores email off-site based on specific email retention policies. EMS helps companies manage email retention and deletion based on corporate policies, helps save messages in compliance with regulatory requirements, and facilitates rapid discovery and production of email for legal purposes -- all for a fraction of the cost of other archiving systems. Unlike on-premise alternatives, EMS can be quickly and cost-effectively deployed for any subset of users. In as little as a day, EMS can provide immediate e-Discovery and legal hold capabilities for pending litigation.
Download this brief guide for a description of how EMS Rapid Archive works, and learn how it can help your organization centralize email retention, deletion and search!
TechRepublic SolutionSeries: Compliance Issues and Small Business Small businesses have too much to worry about already. When words like compliance are uttered, small business owners may cringe with uncertainty or see their costs soaring. Others may simply ignore the word, pretending it doesn't exist, and hoping not to get caught.
Whether it's HIPAA, GLBA, or others, small businesses have felt the crunch when trying to comply with confusing standards. In this 37-page SolutionSeries document, we examine compliance issues from the perspective of the small business that may be struggling to understand the "who," "what," "when" and "where" of all of this.
This download is available for free as part of a TechRepublic Pro membership.
CIO Strategies for Retention and Deletion of Email and Electronic Information Over the past two years, major changes to the Federal Rules of Civil Procedure (FRCP) and the increase in state and federal compliance regulations have created new challenges for companies as they struggle to manage email retention and deletion policies.
To successfully maintain compliance and protect their business in the event of litigation, companies must understand these changes. Implementing new strategies for email will enable organizations to effectively set and manage email retention and deletion policies, as well as provide robust search and e-Discovery capabilities to respond rapidly to litigation.
Listen to this TechRepublic Webcast, sponsored by Dell MessageOne and featuring Howard Nirken, Partner with DuBois, Bryant & Campbell, LLP, to learn about critical changes to the Federal Rules of Civil Procedure and what those changes mean "in plain English" for your business.
Now available on demand, this Webcast highlights strategies that CIOs are increasingly adopting for:
Determining appropriate retention and discovery requirements for email and electronically stored information
Involving stakeholders across your organization to respond to this challenge
Ensuring that email is always available and data is never lost
Providing search, discovery and recovery of electronic information
Avoiding pitfalls in managing records retention and data discovery efforts
Email is Critical...and Out of Control! More than 75% of the average company's intellectual property is contained in email messages and their attachments. As a result, email has quickly become the file server of choice for most of us - and a headache for compliance managers.
The value of unified information access to live and archived email via desktop or mobile device is becoming increasingly important for today's businesses - from end users to the board room, where compliance is an ongoing pain point.
View this educational TechRepublic Webcast, where Nick Patience, Managing Analyst with The 451 Group and Louis Tetu, Coveo's Executive Chairman, discuss:
The growing importance of accessing information from live and archive email servers
How rapid access to all email content sets the stage for compliance and e-discovery initiatives
The business value of having complete mobile access to live and archived email content
Join TechRepublic and Coveo for this informative on-demand Web seminar and learn how to get started today!
Coveo offers a full trial of Coveo G2B for Email complete with all the services you may need to quickly deploy and try this powerful new solution.
Compliance: The Gramm-Leach-Bliley Act of 1999 The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999, was enacted in part to protect consumers' private financial information. It allows consumers to control the use of their private information and to secure and protect that information from unauthorized use or access. With identity theft, "phishing," "pharming," and other highly publicized examples of large scale financial information theft and abuse receiving attention, companies of all sizes are under increasing scrutiny regarding their compliance with GLBA.
Address the key implications for compliance management Regulatory compliance can definitely drain IT resources. This white paper describes how IBM Service Management offers a compliance strategy that's streamlined, automated and repeatable for businesses of any size. It also shows how this compliance solution aligns IT processes with business goals.
ISO17799 and the Gramm-Leach Bliley Act The ISO17799 is widely regarded as a broad and comprehensive standard for information security best practices. Derived from the pre-existing British Standard 7799, this standard has arguably established itself as the premier benchmark for information security. However, increasing awareness of the dangers present and the need for tight controls has resulted in regulations governing critical verticals and also general corporate governance practices. The earliest such regulation is the Gramm-Leach Bliley Act (GLBA). This regulation is targeted at financial institutions and places relatively clear requirements on firms to implement and maintain security controls and to ensure that financial data is not compromised due to failures of security at the institution or at any of their partners and vendors.
How Compliant is YOUR Email Archive? Failure to archive your emails can have dire consequences for your business. Do any of these regulations impact you?
Sarbanes-Oxley (SOX) Act
HIPAA
Gramm-Leach Bliley Act (GLBA)
Securities and Exchange Commission (SEC) Rules
National Association of Securities Dealers (NASD) Rules
Investment Dealers Association (IDA) of Canada Rules
If so, click through and complete the short questionnaire to receive your personalized Compliance Report and information on e-mail archiving for compliance, storage, and discovery from Computhink.
Why You Need Email Encryption: Use Case Scenarios "Identity theft is a top concern for consumers right now, so we can't let their credit card information get into the wrong hands. Proofpoint is extremely accurate at detecting any sensitive information that's being sent out and it allows us to automatically encrypt that data so it's always safe." - Steven Romero, Systems Engineer, Outback Steakhouse
DSS, GLBA, HIPAA, OMB, PCI, and PIIG are just a few of the standards and regulations that place additional constraints on how data is stored, processed, and transmitted. Adopting best practices for protecting the sensitive or private information valued by your company, customers, employees and partners adds a new complexity to email security.
Outbound email and other electronic communications (such as web-based email, blog postings, FTP and other messaging streams) pose a significant risk for data loss or data leakage. Solutions to mitigate this risk must include easy to use, policy-based encryption to make it simple to securely communicate with customers and partners.
In this web seminar, Proofpoint product manager Andrew Vu presents real world case studies about organizations that have deployed Proofpoint's unified data loss prevention and email encryption solutions.
View this web seminar replay and learn:
Why email encryption is an important component of an organization's overall security architecture.
How leading organizations are using Proofpoint's unified data loss prevention and email encryption solution to ensure message privacy, enforce internal policies, comply with data protection and privacy regulations and protect valuable intellectual property.
How your organization can send financial statements, patient health information or other sensitive material securely over email, ensuring compliance with regulations including GLBA and HIPAA.
About Proofpoint's breakthrough single-appliance solution for email security, multi-protocol data loss prevention and policy-based email encryption.
Regulations Shift Focus on Outbound Email Security: The Impact of HIPAA, PCI, PIIG and Other New Government and Industry Guidelines on Email Security Policies Email is the lingua franca of business today. It is the conduit that allows employees to share information, companies to work with partners, and increasingly, provides a way for companies and their customers to interact. Enterprises today deal with an ever-increasing number of email-related threats. Most are familiar with the problems of virus-infected email attachments and productivity-draining spam, but now companies must also address the threats posed by outbound email.
Read this paper to learn about the impact of relatively new data protection regulations and standards such as the Payment Card Industry (PCI) Data Security Standard (DSS) and the Office of Management and Budget (OMB) Personally Identifiable Information Guidelines (PIIG) which place new constraints on how data is stored, processed, and transmitted over email.
What Can 2007 Teach Us About 2008? 2007 was a tumultuous year for U.S. businesses and employees, filled with extreme highs and disappointing lows. Private equity garnered nearly $400 billion in mega deals in merely six months, and news of multiple billion-dollar acquisitions (Chrysler, Alltel and CKX) illustrated a trend of public companies going private. However, financial markets soon shifted and companies felt the backlash. Lenders scrutinized borrowers with tougher standards, limiting access to capital.
After several months of market volatility, market direction remains unclear. We face a Catch-22: business leaders are conservative in making projections as they look for a cue from the markets, and the markets look for a cue from business leaders regarding new initiatives.
Each month, Tatum, LLC surveys its financial and technology executives regarding current business conditions and economic trends. With nearly 1,000 executives serving companies of all sizes across a broad base of industries in every geographic region of the United States, the Tatum Survey of Business Conditions takes a representative pulse of business activity. This document contains results and analysis from Tatum's Survey of Business Conditions from May through December 2007. Survey topics include private equity, M&A, regulatory compliance and reporting, and financial executive pressures.
Trust and Competitive Advantage: An Integrated Approach to Governance, Risk Management and Compliance Burned by Enronesque accounting scandals, investors and governments are imposing rigorous reporting requirements to keep companies on the straight and narrow.
These reactions are a symptom of a fundamental force in the economy: a crisis of trust among stakeholders of corporations. Stakeholders are not only a company's shareholders, but also customers, employees, business partners and communities, and in recent years their trust has been profoundly shaken. Naturally, they are now trying to protect themselves, often via legislation.
On-demand Webcast: CIO Strategies for Retention and Deletion of Email and Electronic Information Over the past two years, major changes to the Federal Rules of Civil Procedure and the increase in state and federal compliance regulations have created new challenges for companies as they struggle to manage email retention and deletion policies.
To successfully maintain compliance and protect business in the event of litigation, companies must understand these changes. Implementing new strategies for email will enable organizations to effectively set and manage email retention and deletion policies, as well as provide robust search and e-discovery capabilities to respond rapidly to litigation.
Check out this TechRepublic Webcast, now available on demand, to learn about critical changes to the Federal Rules of Civil Procedure and what those changes mean "in plain English" for your business.
You'll learn CIO strategies for:
Determining appropriate retention and discovery requirements for email and electronically stored information.
Involving stakeholders across your organization to respond to this challenge.
Ensuring that email is always available and data is never lost.
Providing search, discovery and recovery of electronic information.
Avoiding pitfalls in managing a records retention and data discovery effort.
E-mail Compliance: Security Solutions for Regulatory Requirements E-mail has become a critical component in the daily operations of all organizations. Current market demands require that e-mail be available around the clock. Information Technology professionals are tasked with keeping e-mail servers in perfect working order, reducing the amount of incoming spam and protecting their networks from viruses and malware. New laws require even more diligent archiving and reporting. This important white paper discusses the major regulations in place to protect confidential customer information, uphold corporate governance and protect law enforcement investigations and their impact on businesses. Regardless of size, your company may now have to archive all business communications and prove that the data you are keeping is secure from tampering. Get this vital white paper and learn what to expect when your organization must comply with HIPAA, GLBA, SOX and others. Download your copy today!
An Integrated Approach to Managing Governance, Risk, and Compliance Given today's highly regulated environment, how can you control risk, drive performance, and inspire greater stakeholder confidence? To address these requirements, forward-thinking organizations are moving toward an integrated program of governance, risk, and compliance (GRC) management.
Download this SAP white paper to learn about a GRC approach that can help you confidently address all regulatory- and business-related risks while lowering your overall cost of compliance.
Sarbanes-Oxley Headlines
Proving Compliance with McAfee Total Protection for Data Companies feel a sense of security from encrypting data stored on corporate systems − on desktops, laptops and mobile devices. They believe this act will protect their intellectual property, and sensitive customer information will remain safe and secure from unauthorized access. But that is not enough. Simply encrypting this information doesn't help you prove compliance with external regulations or internal controls during a financial audit or legal discovery process. Find out why you must be able to present irrefutable proof of who, what, where, when, and how your information was protected − or face financial penalties, legal liabilities, brand damage, customer distrust, and more.
Aventine Renewable Energy Uses Document Management to Automate Financial Processes, Increase Efficiency, and Meet Sarbanes-Oxley Requirements For several years Aventine had been generating PDF invoices via their Oracle ERP system and filing them daily in a single file folder. Having 200,000+ invoices filed only by date, Aventine had a significant document management problem. To retrieve a specific invoice, someone had to manually search through file folders, each containing hundreds of invoices. Document Locator has done everything Aventine wanted and more. This document management system was capable of converting PDF invoices to full-text searchable records without the need to scan paper.
Borland Software Case Study: SUPERVALU SUPERVALU INC. is one of the largest companies in the United States grocery industry. The company wanted to ensure software delivery predictability and support iterative development. The challenge was to improve business-IT communication and comply with Sarbanes-Oxley. After searching for several vendors, SUPERVALU deployed Borland software for its solution and implemented Borland CaliberRM.
Lowara Leverages Performance Management System to Support Data Integration and Standardization Lowara wanted to guarantee traceability of data, activities, and approval processes and ensure compliance with international regulations, especially Sarbanes-Oxley requirements. The challenge was to increase the sales network's involvement in setting revenue goals and apply a single reporting and consolidation process to different companies serving various markets. Lowara worked with IConsulting to implement a system based on Oracle's Hyperion Financial Management to support and integrate the entire data collection cycle for Web sales, budget preparation, various forecasts, and strategic three-year plans as well as rationalized, accelerated, and optimized management processes and hierarchical approval monitoring.
TechRepublic SolutionSeries: Compliance Issues and Small Business Small businesses have too much to worry about already. When words like compliance are uttered, small business owners may cringe with uncertainty or see their costs soaring. Others may simply ignore the word, pretending it doesn't exist, and hoping not to get caught.
Whether it's HIPAA, GLBA, or others, small businesses have felt the crunch when trying to comply with confusing standards. In this 37-page SolutionSeries document, we examine compliance issues from the perspective of the small business that may be struggling to understand the "who," "what," "when" and "where" of all of this.
This download is available for free as part of a TechRepublic Pro membership.
IT Service Management: A Top Priority for 2008 IBM recently commissioned the Butler Group to discover the priorities of more than 100 senior IT professionals working in large organisations and enterprises.
The results of the survey show what role ITSM will play in 2008, what the priorities will be and how capabilities are deployed. It also provides analysis and insight from Tim Jennings, Research Director, Butler Group.
The research findings are an essential read for IT professionals developing or deploying Service Management capabilities.
Web Application Security: Too costly to ignore Web application security is crucial to mitigating the risks of attack and attaining regulatory compliance. The number of web attacks is on the rise, and it is exponentially more cost-effective to remedy flaws early in the development process. There is an enormous chasm between where application security should be and the sad shape of application security today. Download this free whitepaper from HP Software to learn about the gaps in most application security programs and how to incorporate application security across the lifecycle.
Sony Pictures Protects Exclusive Entertainment Content From Unauthorized Access With Improved Security Management Sony Pictures Entertainment produces and distributes motion pictures and television programs. To secure the distribution of valuable content across public networks, SPE needed to control both access and editing rights for staff and external stakeholders. The company also wanted to be able to dictate that only people with specified jobs could access different pieces of content, and ensure that users were correctly identified, authorized and authenticated before any content was made available to them. To overcome this, SPE has deployed a single global Identity and Access Management (IAM) solution from CA.
Best Practices for Wireless Network Security and Sarbanes-Oxley Compliance An important component of any effective system of internal controls is maintaining systems that ensure the confidentiality and integrity of corporate, financial and customer data. This paper will explore what security challenges wireless networks present, suggest best practices to ensure Wireless LAN security, and demonstrate how AirDefense Enterprise, a Wireless Intrusion Detection and Prevention System, can help to define, monitor and enforce the wireless security policy. By adequately protecting the wireless infrastructure, organizations can demonstrate effective internal control over protection of confidential data and ultimately ensure Sarbanes-Oxley compliance.
IT Manager Webcast: Microsoft IT Compliance: Policy, HBI, SOX, and PCI (Level 200) Disclosure of High Business Impact (HBI) information might cause severe material loss to Microsoft, the information asset owner, or relying parties. The attendee of this webcast will learn how Microsoft developed HBI policy that complies with SOX and the Payment Card Industry (PCI) standards. The attendee will also learn how the PCI standards are implemented, reviewed, and managed at Microsoft and understand what technologies and processes are used to safeguard against disclosure of customer and consumer information.
Streamlining Operations: How a Financial Services Leader Consolidated Accounting Systems for Over 150 Affiliate Firms With Hosted Lawson Software Founded in 1998, National Financial Partners is a national network of independent financial advisors offering financial services to high net worth individuals and growing entrepreneurial companies. To achieve true economies of scale, National Financial Partners needed to standardize and consolidate their accounting processes across all affiliates while meeting Sarbanes-Oxley compliance deadlines. In addition, business leaders were challenged to control the quality of information while limiting inefficiencies and ensuring maximum automation for workflow optimization. With a blended team of 13 functional and technical consultants, EDL leveraged Lawson's Accounts Payable, Cash Ledger, General Ledger and other modules to craft a customized solution that helped NFP to transfer over 150 financial advisory firms using different accounting systems onto the same platform.
Compliance: The California Security Breach Notification Act (SB 1386) The California Security Breach Notification Act states that any business or agency that uses a computer to store confidential personal information about a California resident must immediately notify that individual upon discovering any breach to the computer system upon which this information is stored. Failure to notify the individual(s) could subject the business/agency to civil damages and lawsuits. The statute became effective July 01, 2003. While lawsuits can be sufficiently damaging to a company's bottom line and reputation by themselves, failing to deal with the risks associated with SB 1386 could trigger violations of the Sarbanes-Oxley Act, which has serious consequences for violators.
Compliance: The Sarbanes-Oxley Act Sarbanes-Oxley (commonly called "SarbOx" or "SOX") is law today. It was enacted by the U.S. Congress in 2002 in the wake of serious accounting scandals perpetrated by major U.S. corporations. It affects the accounting, financial reporting, and tracking of sales activities for large and small public companies alike, and also for privately held firms that may at some point seek to become public. Compliance with the law constitutes a major investment of corporate resources for companies of all sizes - failure to comply has destroyed companies and ruined careers.
Address the key implications for compliance management Regulatory compliance can definitely drain IT resources. This white paper describes how IBM Service Management offers a compliance strategy that's streamlined, automated and repeatable for businesses of any size. It also shows how this compliance solution aligns IT processes with business goals.
Improving Intercompany Reconciliation for a Faster Close In 2007, businesses moved beyond the initial need to comply with legislation like the Sarbanes-Oxley Act (SOX) and instead focused on driving sustainability and control into their corporate processes. Of the various initiatives supporting this shift, the fast close--a concept used to describe a corporation's ability to complete its accounting cycles and close its books quickly--is perhaps one of the best documented.
This SAP/Business Objects paper examines the issues behind intercompany reconciliation and outlines how certain companies have made impressive progress in improving the flow of communication during the intercompany process, removing it from the close's critical path and improving the quality of data.
Regulatory Compliance Headlines
Live Webcast: Top Ten Challenges with On-Premise Email Management For most organizations, the costs and management burdens of ever more sophisticated email continuity and archiving systems are now a serious problem. To manage increasing data stores, complex retention policies, fast search and recovery of messages and disaster recovery, companies have many choices for on-premise or on-demand services. While on-premise solutions have been the norm, Dell MessageOne believes that the trend is now clearly favoring on-demand services designed to solve these problems.
Join this live TechRepublic Webcast sponsored by Dell MessageOne™ to learn about the top ten challenges with on-premise email management, and how on-demand, managed services may provide you with a more cost-effective and complete answer to email management. Learn how storage, search, recovery and e-Discovery as well as continuity may be more easily managed via a hosted solution. You will also receive an overview of Dell MessageOne and how our on-demand Email Management Services (EMS™) can uniquely solve these problems.
Register today!
Proving Compliance with McAfee Total Protection for Data Companies feel a sense of security from encrypting data stored on corporate systems − on desktops, laptops and mobile devices. They believe this act will protect their intellectual property, and sensitive customer information will remain safe and secure from unauthorized access. But that is not enough. Simply encrypting this information doesn't help you prove compliance with external regulations or internal controls during a financial audit or legal discovery process. Find out why you must be able to present irrefutable proof of who, what, where, when, and how your information was protected − or face financial penalties, legal liabilities, brand damage, customer distrust, and more.
Aventine Renewable Energy Uses Document Management to Automate Financial Processes, Increase Efficiency, and Meet Sarbanes-Oxley Requirements For several years Aventine had been generating PDF invoices via their Oracle ERP system and filing them daily in a single file folder. Having 200,000+ invoices filed only by date, Aventine had a significant document management problem. To retrieve a specific invoice, someone had to manually search through file folders, each containing hundreds of invoices. Document Locator has done everything Aventine wanted and more. This document management system was capable of converting PDF invoices to full-text searchable records without the need to scan paper.
Document Management Technology Enables City of Hope to Streamline Accounting and Accelerate Insurance Billing Like most hospitals, City of Hope had a growing problem keeping up with all of their paper records in the accounting department. Several years ago, they installed a document management system to manage these records but it was taking too much time to process and index the information. After reviewing several document management systems, the hospital selected Document Locator from ColumbiaSoft. Document Locator has many powerful features, the two that got their attention were the rapid indexing of documents as they were saved into the system and the powerful security model, which was easy to administer and ensured absolute confidentiality.
Borland Software Case Study: SUPERVALU SUPERVALU INC. is one of the largest companies in the United States grocery industry. The company wanted to ensure software delivery predictability and support iterative development. The challenge was to improve business-IT communication and comply with Sarbanes-Oxley. After considering several vendors, SUPERVALU deployed Borland software for its solution and implemented Borland CaliberRM.
EMS Rapid Archive: Email archiving service providing rapid e-Discovery search and flexible retention policy management Recent revisions to the Federal Rules of Civil Procedure (FRCP) and many state court rules establish new requirements for the rapid discovery and production of email messages.
For many organizations, the cost of implementing archiving solutions capable of meeting these requirements has kept these solutions just out of reach. Dell MessageOne's EMS Rapid Archive is the first solution to provide the critical archiving functionality to rapidly meet FRCP legal discovery requirements in a low-cost, maintenance-free SaaS service.
EMS Rapid Archive securely stores email off-site based on specific email retention policies. EMS helps companies manage email retention and deletion based on corporate policies, helps save messages in compliance with regulatory requirements, and facilitates rapid discovery and production of email for legal purposes -- all for a fraction of the cost of other archiving systems. Unlike on-premise alternatives, EMS can be quickly and cost-effectively deployed for any subset of users. In as little as a day, EMS can provide immediate e-Discovery and legal hold capabilities for pending litigation.
Download this brief guide for a description of how EMS Rapid Archive works, and learn how it can help your organization centralize email retention, deletion and search!
Lowara Leverages Performance Management System to Support Data Integration and Standardization Lowara wanted to guarantee traceability of data, activities, and approval processes and ensure compliance with international regulations, especially Sarbanes-Oxley requirements. The challenge was to increase the sales network's involvement in setting revenue goals and apply a single reporting and consolidation process to different companies serving various markets. Lowara worked with IConsulting to implement a system based on Oracle's Hyperion Financial Management to support and integrate the entire data collection cycle for Web sales, budget preparation, various forecasts, and strategic three-year plans as well as rationalized, accelerated, and optimized management processes and hierarchical approval monitoring.
TechRepublic SolutionSeries: Compliance Issues and Small Business Small businesses have too much to worry about already. When words like compliance are uttered, small business owners may cringe with uncertainty or see their costs soaring. Others may simply ignore the word, pretending it doesn't exist, and hoping not to get caught.
Whether it's HIPAA, GLBA, or others, small businesses have felt the crunch when trying to comply with confusing standards. In this 37-page SolutionSeries document, we examine compliance issues from the perspective of the small business that may be struggling to understand the "who," "what," "when" and "where" of all of this.
This download is available for free as part of a TechRepublic Pro membership.
CIO Strategies for Retention and Deletion of Email and Electronic Information Over the past two years, major changes to the Federal Rules of Civil Procedure (FRCP) and the increase in state and federal compliance regulations have created new challenges for companies as they struggle to manage email retention and deletion policies.
To successfully maintain compliance and protect their business in the event of litigation, companies must understand these changes. Implementing new strategies for email will enable organizations to effectively set and manage email retention and deletion policies, as well as provide robust search and e-Discovery capabilities to respond rapidly to litigation.
Listen to this TechRepublic Webcast, sponsored by Dell MessageOne and featuring Howard Nirken, Partner with DuBois, Bryant & Campbell, LLP, to learn about critical changes to the Federal Rules of Civil Procedure and what those changes mean "in plain English" for your business.
Now available on demand, this Webcast highlights strategies that CIOs are increasingly adopting for:
Determining appropriate retention and discovery requirements for email and electronically stored information
Involving stakeholders across your organization to respond to this challenge
Ensuring that email is always available and data is never lost
Providing search, discovery and recovery of electronic information
Avoiding pitfalls in managing records retention and data discovery efforts
IT Service Management: A Top Priority for 2008 IBM recently commissioned the Butler Group to discover the priorities of more than 100 senior IT professionals working in large organisations and enterprises.
The results of the survey show what role ITSM will play in 2008, what the priorities will be and how capabilities are deployed. It also provides analysis and insight from Tim Jennings, Research Director, Butler Group.
The research findings are an essential read for IT professionals developing or deploying Service Management capabilities.
Web Application Security: Too costly to ignore Web application security is crucial to mitigating the risks of attack and attaining regulatory compliance. The number of web attacks is on the rise, and it is exponentially more cost-effective to remedy flaws early in the development process. There is an enormous chasm between where application security should be and the sad shape of application security today. Download this free whitepaper from HP Software to learn about the gaps in most application security programs and how to incorporate application security across the lifecycle.
Sony Pictures Protects Exclusive Entertainment Content From Unauthorized Access With Improved Security Management Sony Pictures Entertainment produces and distributes motion pictures and television programs. To secure the distribution of valuable content across public networks, SPE needed to control both access and editing rights for staff and external stakeholders. The company also wanted to be able to dictate that only people with specified jobs could access different pieces of content, and ensure that users were correctly identified, authorized and authenticated before any content was made available to them. To overcome this, SPE has deployed a single global Identity and Access Management (IAM) solution from CA.
MedicAlert Expands Service and Protects Critical Data for Members Worldwide For fifty years, MedicAlert has helped save lives by providing emergency responders and healthcare practitioners. However, with the rise of HIPAA mandates and other standards from similar global regulatory bodies, MedicAlert decided it could no longer preserve that privacy with limited homegrown security technology. In order to provide extended member services, as well as improve internal efficiency and productivity, MedicAlert officials began a search for an enterprise-class security software solution. MedicAlert implemented the CA Identity & Access Management solution that delivered the reliable and accountable security features that MedicAlert's critical and sensitive operations required.
Best Practices for Wireless Network Security and Sarbanes-Oxley Compliance An important component of any effective system of internal controls is maintaining systems that ensure the confidentiality and integrity of corporate, financial and customer data. This paper will explore what security challenges wireless networks present, suggest best practices to ensure Wireless LAN security, and demonstrate how AirDefense Enterprise, a Wireless Intrusion Detection and Prevention System, can help to define, monitor and enforce the wireless security policy. By adequately protecting the wireless infrastructure, organizations can demonstrate effective internal control over protection of confidential data and ultimately ensure Sarbanes-Oxley compliance.
IT Manager Webcast: Microsoft IT Compliance: Policy, HBI, SOX, and PCI (Level 200) Disclosure of High Business Impact (HBI) information might cause severe material loss to Microsoft, the information asset owner, or relying parties. Attendees of this webcast will learn how Microsoft developed an HBI policy that complies with SOX and the Payment Card Industry (PCI) standards. Attendees will also learn how the PCI standards are implemented, reviewed, and managed at Microsoft and understand what technologies and processes are used to safeguard against disclosure of customer and consumer information.
SEC Rule 17A-4
Live Webcast: Top Ten Challenges with On-Premise Email Management For most organizations, the costs and management burdens of ever more sophisticated email continuity and archiving systems are now a serious problem. To manage increasing data stores, complex retention policies, fast search and recovery of messages and disaster recovery, companies have many choices for on-premise or on-demand services. While on-premise solutions have been the norm, Dell MessageOne believes that the trend is now clearly favoring on-demand services designed to solve these problems.
Join this live TechRepublic Webcast sponsored by Dell MessageOne™ to learn about the top ten challenges with on-premise email management, and how on-demand, managed services may provide you with a more cost-effective and complete answer to email management. Learn how storage, search, recovery and e-Discovery as well as continuity may be more easily managed via a hosted solution. You will also receive an overview of Dell MessageOne and how our on-demand Email Management Services (EMS™) can uniquely solve these problems.
Register today!
Compliance: SEC 17a-4/NASD 3010/3110 In the wake of the 1928 stock market crash and the uncovering of widespread securities fraud, the U.S. Congress enacted the Securities Exchange Act of 1934. The Act seeks to protect investors from fraudulent or misleading claims in the securities industry and requires extensive record keeping, reviewing, and auditing by independent auditors, and administration of financial transaction records. NASD 3010/3110 are part of comprehensive regulations enacted and enforced by the National Association of Securities Dealers on behalf of more than 5,000 registered financial institutions and investment funds. All aspects of the SEC and NASD regulations are effective today.
Controlling the Uncontrollable: Managing eDiscovery Risk at the Edge A large enterprise spent $12.5 million to review documents that were past their retention period during a discovery. Sound familiar?
Hear from information risk technology leader NextPage during this TechRepublic Webcast, now available on demand, to learn how your enterprise can delete and preserve the information residing on the edge -- hard drives, scattered shared drives, key drives, and e-mail attachments. While you can't totally eliminate enterprise information risk, you can proactively minimize the potential adverse effects of your current unmanaged documents.
Eighty percent of enterprise documents reside on end-user machines and scattered shared drives, and with over 7.5 billion office documents created annually, getting a handle on the situation has proven difficult in the past. Most ROIs to reduce the cost of eDiscovery start with more effective handling of documents during a discovery. But the fact of the matter is that if you can actively enforce your written document retention policy on the edge, you get document compliance and decreased costs. By proactively tracking and classifying new documents you stop the problem, control the information, and become prepared for the next eDiscovery. Then you can evaluate how to handle the legacy issues.
View this important Webcast today to learn more about protecting your enterprise!
The Case for Document Management Are you asking how to avoid court-imposed sanctions? Are you wondering how to keep the escalating costs of electronic and paper discovery to a minimum?
Whether the objective is to handle litigation, deliver new contracts, or projects, companies today need solutions that promote teamwork. However, common bottlenecks inhibit many organizations from achieving their peak performance:
Risk imposed by compliance regulations and corporate guidelines
Quality problems and delivery delays caused by inefficient processes
Lack of coordination between external partners, vendors, parties and clients
Difficulties in capturing, finding, and leveraging organizational knowledge
The ViewWise Document Management Solution can help your organization address compliancy and eDiscovery efforts. Computhink's ViewWise was created to assist organizations by helping eliminate the content burden that surrounds most offices today.
ViewWise does this by helping organizations with access, archiving, storage, security, workflow and tracking of Electronic Content, while providing simple options for scanning, integrating, importing, and classifying.
Email archiving - Are you feeling lucky? Businesses of all sizes are struggling with ever growing electronic information volume and content. Although email is not the only electronic information, it is by far the fastest growing both in volume and sensitivity. Not only are companies worried about security risks but they are equally challenged with constant capacity planning, performance and reliability issues due to email growth. More importantly, recent regulations such as Federal Rules of Civil Procedure (FRCP) and state laws are imposing extra burden on IT organizations to have auditable archiving policies and be able to produce emails as evidence in case of a dispute.
Small, medium and large organizations are looking to understand best practices in e-Discovery and find ways to offload their challenges and lower their cost and risk.
View this informative Webcast from TechRepublic to learn:
What is e-Discovery? Does it apply to your organization?
What are the typical message discovery challenges companies face?
What innovation is Google bringing to this market? How is that changing the way people archive and retrieve email?
What are the next steps for you to learn more and reduce risk for your company?
Hear from George Socha, a leading expert in e-Discovery and President of Socha Consulting LLC. George is the co-author of the leading survey on the electronic discovery market, The Socha-Gelbmann Electronic Discovery Survey, now beginning its sixth year. You'll also hear Bill Kee, Product Marketing Manager for Google Message Discovery Service.
Getting ahead of security issues, compliance regulations and IT processes It can be difficult to ensure the confidentiality and integrity of your critical data with customers demanding 24/7 secure access to their data and regulators applying pressure on your business. In this Risk, Compliance and Security e-Kit for Financial Institutions, you'll learn about IBM security solutions that proactively protect against worms, viruses and other threats.
There is a Tower Group white paper on the need for stronger consumer banking authentication, a study about innovative solutions for identifying, measuring, and optimizing operational risks and an ISS case study about staying on top of new vulnerabilities. Plus, six other reports on preventive solutions to security.
CIO Strategies for the Retention and Deletion of Email With new regulations and the recent changes to the Federal Rules of Civil Procedure, legal departments are turning to IT leadership to manage retention, deletion, search and recovery of email and other Electronically Stored Information (ESI).
CIOs must track billions of email messages, database records and desktop files, know where they are, ensure they are secure, delete them on schedule, and be able to produce them as required.
How does an organization ensure a successful retention strategy? This whitepaper provides CIOs with useful information about litigation issues surrounding email and ESI as well as information on how to define and implement a retention and deletion strategy.
Also included is an overview of MessageOne's on-demand EMS Email Archive service, the first SaaS archiving solution capable of painlessly solving email retention, deletion, search and e-Discovery challenges.
What Can 2007 Teach Us About 2008? 2007 was a tumultuous year for U.S. businesses and employees, filled with extreme highs and disappointing lows. Private equity garnered nearly $400 billion in mega deals in merely six months, and news of multiple billion-dollar acquisitions (Chrysler, Alltel and CKX) illustrated a trend of public companies going private. However, financial markets soon shifted and companies felt the backlash. Lenders scrutinized borrowers with tougher standards, limiting access to capital.
After several months of market volatility, market direction remains unclear. We face a Catch-22: business leaders are conservative in making projections as they look for a cue from the markets, and the markets look for a cue from business leaders regarding new initiatives.
Each month, Tatum, LLC surveys its financial and technology executives regarding current business conditions and economic trends. With nearly 1,000 executives serving companies of all sizes across a broad base of industries in every geographic region of the United States, the Tatum Survey of Business Conditions takes a representative pulse of business activity. This document contains results and analysis from Tatum's Survey of Business Conditions from May through December 2007. Survey topics include private equity, M&A, regulatory compliance and reporting, and financial executive pressures.
Trust and Competitive Advantage: An Integrated Approach to Governance, Risk Management and Compliance Burned by Enronesque accounting scandals, investors and governments are imposing rigorous reporting requirements to keep companies on the straight and narrow.
These reactions are a symptom of a fundamental force in the economy: a crisis of trust among stakeholders of corporations. Stakeholders are not only a company's shareholders, but also customers, employees, business partners and communities, and in recent years their trust has been profoundly shaken. Naturally, they are now trying to protect themselves, often via legislation.
Data Quality, Compliance, and Risk for Financial Institutions Poor data quality is endemic in most financial institutions, with risk managers frequently citing a lack of clean, high-quality data as the biggest inhibitor to achieving their risk management and regulatory compliance objectives.
To combat the problem, Informatica offers data quality scorecarding capabilities -- a metrics-driven approach to measuring, tracking, and reporting on data quality defects. Read this informative white paper to learn more about it.
An Integrated Approach to Managing Governance, Risk, and Compliance Given today's highly regulated environment, how can you control risk, drive performance, and inspire greater stakeholder confidence? To address these requirements, forward-thinking organizations are moving toward an integrated program of governance, risk, and compliance (GRC) management.
Download this SAP white paper to learn about a GRC approach that can help you confidently address all regulatory- and business-related risks while lowering your overall cost of compliance.
Realtime Publishers: Understanding how privacy and government regulations affect email compliance Email compliance is just one instance of the regulatory impact on IT operations. There are a number of privacy and corporate governance regulations that apply to email services, and the list of such laws is likely to grow. Fortunately, many regulatory requirements coincide with business requirements for security, business continuity, and operations management. Sound email management driven by business needs can go a long way toward compliance as well. This article examines some of the more well-known regulations that have an impact on email management practices, then explores the most effective way to comply with these regulations.
Security and control: The smarter approach to malware and compliance The continuing evolution of malware threats combined with the demand for increasingly flexible working practices is a significant challenge to IT departments seeking to reduce help desk support and get better value for money from their investment in security. This paper looks at how organizations can benefit from a more integrated, policy-driven approach to protecting the network at all levels and controlling both user access and behavior.
Policy and IT Controls Compliance Challenges and Solutions Achieving compliance requires a set of methodologies and disciplines that give executives a better picture of the security of their enterprise and help them improve it. Written by Richard LeVine of Accenture, this white paper describes the benefits of compliance, the depth of work required to achieve it, and some powerful tools that increase the effectiveness of compliance efforts.
Online Publisher Meets Goal of Providing Compliance Week Users with the Most Effective Search Application Financial Media Holdings Group (FMHG) is the parent company of Compliance Week, the industry's definitive newsletter on corporate governance issues. In mid-2005, the company sought a commercial search application that would enable its users to find what they need when they need it. Among its top requirements, FMHG sought a solution with:
A sophisticated, flexible architecture
The ability to support custom conversion and preprocessing applications
A customizable user interface
Download this case study to learn why FMHG's quest ultimately led them to Coveo Enterprise Search, and why the company is so pleased with its selection.
HIPAA
Document Management Technology Enables City of Hope to Streamline Accounting and Accelerate Insurance Billing Like most hospitals, City of Hope had a growing problem keeping up with all of their paper records in the accounting department. Several years ago, they installed a document management system to manage these records but it was taking too much time to process and index the information. After reviewing several document management systems, the hospital selected Document Locator from ColumbiaSoft. Document Locator has many powerful features; the two that got their attention were the rapid indexing of documents as they were saved into the system and the powerful security model, which was easy to administer and ensured absolute confidentiality.
TechRepublic SolutionSeries: Compliance Issues and Small Business Small businesses have too much to worry about already. When words like compliance are uttered, small business owners may cringe with uncertainty or see their costs soaring. Others may simply ignore the word, pretending it doesn't exist, and hoping not to get caught.
Whether it's HIPAA, GLBA, or others, small businesses have felt the crunch when trying to comply with confusing standards. In this 37-page SolutionSeries document, we examine compliance issues from the perspective of the small business that may be struggling to understand the "who," "what," "when" and "where" of all of this.
This download is available for free as part of a TechRepublic Pro membership.
Web Application Security: Too costly to ignore Web application security is crucial to mitigating the risks of attack and attaining regulatory compliance. The number of web attacks is on the rise, and it is exponentially more cost-effective to remedy flaws early in the development process. There is an enormous chasm between where application security should be and the sad shape of application security today. Download this free whitepaper from HP Software to learn about the gaps in most application security programs and how to incorporate application security across the lifecycle.
MedicAlert Expands Service and Protects Critical Data for Members Worldwide For fifty years, MedicAlert has helped save lives by providing emergency responders and healthcare practitioners. However, with the rise of HIPAA mandates and other standards from similar global regulatory bodies, MedicAlert decided it could no longer preserve that privacy with limited homegrown security technology. In order to provide extended member services, as well as improve internal efficiency and productivity, MedicAlert officials began a search for an enterprise-class security software solution. MedicAlert implemented the CA Identity & Access Management solution that delivered the reliable and accountable security features that MedicAlert's critical and sensitive operations required.
Best Practices Guide for Healthcare Providers: Case Study Higher costs, more information, and greater regulatory compliance are just some of the demands placed on healthcare providers. Microsoft's Desktop Optimization solution helps healthcare providers access data at any time from virtually anywhere, while keeping it secure and fully compliant with regulations such as HIPAA--freeing up valuable time to focus on improving patient care.
Compliance: The Health Insurance Portability and Accountability Act of 1996 (HIPAA) HIPAA requires healthcare organizations and businesses that manage patient health information to protect the confidentiality and security of all health data managed by that organization. HIPAA compliance requirements, coupled with advances in electronic exchange of information, put significant additional technical and administrative burdens on healthcare organizations of all sizes.
Biscom Delivery Server and HIPAA Compliance The Health Insurance Portability and Accountability Act (HIPAA), also known as the Kennedy-Kassebaum Act, was enacted by the US Congress in 1996 to enable better access to health insurance, reduce fraud and abuse, and lower the overall cost of health care in the United States. Title II of HIPAA, the Administrative Simplification (AS) provisions, requires the establishment of national standards for the use and dissemination of health care information. In order to comply with HIPAA, covered entities (CEs) must have organization-wide policies, procedures, reporting applications, and technologies in place to secure protected information, much of which is communicated electronically through email and FTP.
Develop a HIPAA Privacy Policy Most medical administrators have grappled with the issue of developing a HIPAA-compliant privacy policy. They have either developed a policy themselves or delegated the task to a staff member, possibly a medical group records administrator or hospital privacy official. But some administrators have not yet tackled this challenge for a number of reasons. Possibly their organizations were previously exempt from compliancy because they did not file electronic claims, a prerequisite for classification as a provider under the HIPAA guidelines. Possibly the organizations were programmatically exempt, such as a workers' compensation carrier or workers' compensation supporting organization. Other previously exempt organizations may have experienced a "Privacy incident" involving the inadvertent disclosure of Protected Health Information (PHI), which motivated the organization to "Reach for compliance."
Healthcare Group Upgrading to SQL Server 2008 to Better Protect 2 Terabytes of Data Based in Boston, CareGroup is the corporate parent of Beth Israel Deaconess Medical Center, a teaching hospital of Harvard Medical School, and three other area hospitals. CareGroup hosts its data on 390 databases on 30 instances of Microsoft SQL Server 2005. The organization is updating databases to SQL Server 2008 to take advantage of new features including advanced auditing and transparent encryption to help it meet HIPAA and other regulatory requirements. CareGroup is using Policy-based Management, new for SQL Server 2008, to enforce policy and schema across its operations, and is centralizing reporting using SQL Server 2008 Reporting Services accessed through a portal created using Microsoft Office SharePoint Server 2007.
PCI DSS and HIPAA: The Security Standards Share Common Ground One of the greatest challenges that the electronic transactions industry faces today is the issue of security requirements under various rules and regulations. For most people in the industry, the issue is focused on the specifics of the Payment Card Industry Data Security Standard (PCI DSS), but the issue may be much broader than that. Many other security sets are currently operative and they interface with the merchant population that the industry serves. Federal legislation with security requirements includes HIPAA (the Health Insurance Portability and Accountability Act) of 1996 Title II, the Gramm-Leach-Bliley Act of 1999, ground in the merchant services field.
Are you prepared to meet the January 2009 California Pedigree Law? Implementing new serialization on pharmaceutical products can be confusing. Vendors, trade partners and the industry offer conflicting information -- and California's new drug tracking requirements only add to the confusion; they're clear about what needs to be done, but not how. The first step toward compliance is serialization -- and IBM can help.
This paper explains why the IBM Serialization Pilot Kit with TAGSYS RFID is an inexpensive, low risk way to rapidly pilot and evaluate HF RFID for item-level serialization in packaging operations. Get the paper and get started on the new compliance requirements today!
Achieving HIPAA Security Standards Compliance by Implementing an ISO/IEC 27000 Series Information Security Management System This paper has been prepared to provide those organizations having an interest in compliance with the US Health Insurance Portability and Accountability Act (HIPAA - 1996, revised 2003) Security Standards, especially those in the business of handling 'Electronically protected health information', with an understanding of the inter-relationship between those Security Standards and the growing series of international standards addressing Information Security Management Systems (ISMS). The paper shows how these ISMS standards can be applied by a business to demonstrate its compliance with the HIPAA whilst providing additional benefits, such as broader assurance across the whole (or a well-defined sub-unit) of an organization's information security management system and certified compliance of that system based upon an internationally-recognized scheme which will be acknowledged by business partners, investors, and customers.
Email Archival: "For Compliance, Discovery & Storage" View this recorded Webcast, presented by Lisa Morgan, Director Channel Programs, and Vince Smolek, Technical Services Mgr. for Computhink.
Compliancy & Document Management: "The Critical Connection" View this on-demand Webcast, presented by Doug Brennecke, V.P. Sales, Computhink, and featuring guest speaker Tom von Gunden, chief editor of enterprise content management news and solutions site ECM Connection.
ICD-10: Turning Regulatory Compliance Into Strategic Advantage - Are U.S. Health Plans and Providers Ready for ICD-10 Adoption? As if existing IT investments weren't a large enough strain on provider and payor budgets, the U.S. health care industry is facing a new challenge: ICD-10 (International Statistical Classification of Diseases and Related Health Problems, Version 10) implementation. In 2011, per the mandate of Senate Bill 628, the United States will move from the ICD-9 system of disease classification to ICD-10, a much more complex system that reflects recent advances in disease detection and treatment via biomedical informatics, genetic research and international data-sharing. U.S. ICD-10 adoption has the potential to revolutionize the nation's health care system and produce a huge wave of IT spending. However, the process will require a massive overhaul of the nation's medical coding system. In fact, some industry observers say that ICD-10 could overtake Y2K in terms of impact and cost. ICD-10: Turning Regulatory Compliance into Strategic Advantage, a new paper from the Deloitte Center for Health Solutions, part of Deloitte LLP, describes the impact of the proposed move to ICD-10 on U.S. health plans and providers and discusses the need to prepare for this change now. Specifically, it looks at the potential impacts of ICD-10 compliance on three camps of health care organizations: Pragmatists, Collaborators, and Innovators.