Question

  Asked: Mar 2 2007   9:55 AM GMT
  Asked by: rohitmagazine


Compliance to Acts


Compliance, Laws, Regulations, standards, Security Program Management, Risk management, CRM, Policies, Disaster Recovery

How can software for URL/content filtering or mail scanning be made compliant with HIPAA, the Sarbanes-Oxley Act, etc.?
What features are required to be implemented to make them compliant?


Answer Wiki





I'm a little confused by the wording of your query.

Are you asking this question as a developer of compliance-enforcement software?

Are you asking as someone who needs to implement a solution and you are looking for software names or configuration information?

General directions to go in (since I'm not sure what you're looking for) would be:

Email transfers of attachments are a possibility.

When you say "URL filtering" do you mean outgoing web requests?

Or do you mean outsiders probing your web servers for confidential data?


If you reply (to everyone, not just me) with more details about what you're looking for we (as a group) may be better able to help you.

Bob


Discuss This Answer



rohitmagazine  |   Mar 3 2007  1:38AM GMT

Thanks, Bob.

Actually, I am looking at compliance from a developer's perspective. I have a product that implements URL/content filtering (outgoing web requests) as well as mail scanning (incoming/outgoing).
I want to make it compliant with the various acts I mentioned in my previous question.

I hope this clarifies my question.

 

bobkberg  |   Mar 3 2007  1:30PM GMT

Right off, I did a quick Google search for “HIPAA” (Health Insurance Portability and Accountability Act), which came up with several sources, www.hipaa.org among them.

SOX (Sarbanes-Oxley) is more of a financial responsibility and reporting law. Its primary focus, as far as data is concerned, is on retention of records (email, instant messages, databases, etc.) for the purpose of potential prosecution/disclosure.

Since you only specifically mentioned those two, and only alluded to others (COPPA, FERPA, and others) I’m wondering how much research you’ve done yourself on these subjects. There is a LOT of free information available on public laws - much of it from the governmental organizations charged with enforcing them.

However, I’ve tried to point you in some useful directions.

Good luck,

Bob