Posted by: GuyPardon
The diversity of stakeholders involved in IT compliance is reflected in the many compliance resources that are published each month across the TechTarget network of IT media. For instance, this month’s Storage Decisions Conference explored how storage managers must explain retention, email archiving and compliance.
At SearchOracle.com, there’s news about how Oracle updated Agile PLM for food and beverage compliance, allowing manufacturers to better analyze ingredients for safety.
At SearchFinancialSecurity.com, a new story explores full disk encryption, which is fast becoming a priority for laptop security in midmarket companies given increasing fears of data breaches. The article explains how to choose full disk encryption for laptop security and compliance.
Earlier this year, SearchNetworking.com ran “New PCI compliance rules ban WEP, tighten wireless LAN security.”
PCI DSS compliance
Since security and compliance are bound closely together, it should come as no surprise that SearchSecurity.com features new compliance resources regularly. That’s particularly true when it comes to PCI compliance.
Last week, site editor Rob Westervelt wrote “PCI virtualization SIG closer to proposing changes to standard.” Westervelt writes that the PCI Virtualization Special Interest Group, which has been studying virtualization for the payment card industry (PCI), is close to issuing guidance on ways to maintain PCI DSS compliance when using virtualization.
For more on PCI, editorial director Kelley Damore’s feature about what PCI compliance really means, in September’s issue of Information Security magazine, has a plethora of useful links.
Elsewhere on SearchSecurity.com, Eric Holmquist offered guidance on strategies for using technology to enable automated compliance.
Given that schools are back in session, IT admins entrusted with securing the records of students may find security expert David Mortman’s explanation of how to prepare for a FERPA audit useful.
Mortman also provides useful advice on a PCI DSS requirement for monitoring and testing security, PCI DSS compliance: ensuring data integrity and understanding PCI DSS compliance requirements for log management.
And “across the pond,” SearchSecurity.uk.co wrote about new products that aim to streamline compliance efforts.
SearchSecurity.com also publishes compliance resources that serve the fast-moving healthcare field, including stories like “FTC extends breach notification to Web-based health repositories” and “HIPAA compliance manual: Training, audit and requirement checklist.”
Again, Mortman provides expert advice in this area, including guidelines to create a HIPAA-compliant data center, HHS HIPAA guidance on encryption requirements and data destruction and information on writing a patient identifier policy to prevent common HIPAA violations.
We’ve been covering healthcare at SearchCompliance.com as well, along with our sister site, SearchCIO.com, where senior writer Linda Tucci recently wrote that health care security and HIPAA compliance are on deck for CIOs.
We published “HITECH changes the game, but HIT standards still on way” this morning, in fact, following on our FAQ on the HITECH Act’s impact on IT operations and a tip about when a data breach under HITECH is really ‘discovered.’
Here’s hoping you find these compliance resources useful in your own efforts. If you have other websites you regularly visit to find compliance resources to help you meet regulatory mandates, please let us know in the comments.