Overheard in the tech blogosphere:

Compliance

Feb 24 2010   4:06PM GMT

Overheard talking about e-prescribing



Posted by: Margaret Rouse
e-prescribing, electronic health records, Compliance, standards
As with any business-to-business supply chain, if you administer electronic data interchange without standards, it doesn’t work.

Ted Kremer, as quoted in Lack of health information exchange standards slowing adoption

Today’s WhatIs.com Word of the Day is e-prescribing incentive program.

Feb 17 2010   1:36PM GMT

Overheard - Credit CARD Act



Posted by: Margaret Rouse
Compliance
“While companies can’t hike your rates on existing balances unless you’re 60 days late with a payment, they can raise rates on future purchases any time and for any (or no) reason. They do have to tell you this, but they’ll probably send it in an envelope that looks like junk mail in the hopes you’ll throw it out.”

Lauren Bowne, as quoted in Beware: Loopholes in the Credit CARD Act you need to know about

Today’s WhatIs.com Word of the Day is Credit CARD Act.

Martha White provides a great overview of the Credit CARD Act’s “gotchas” in her interview with Lauren Bowne.

While the CARD Act has limits on the severity of penalty fees you can be charged, there’s no rule against card companies making up as many new fees as they can conjure and charging whatever they like for them.


Jan 28 2010   3:30PM GMT

Overheard - IFRS



Posted by: Margaret Rouse
Compliance, compliance reporting, international compliance
While U.S. GAAP could conceivably become the de facto global standard, it seems more likely that IFRS will hold that distinction. More countries and markets use IFRS, it has been developed with an international view from the start, and it has the structures in place to obtain global input and acceptance.

Scott Taub, IFRS & U.S. GAAP: Where Do We Stand?

Today’s WhatIs.com Word of the Day is International Financial Reporting Standards (IFRS).


Jan 25 2010   6:32PM GMT

Overheard - clean desk policy



Posted by: Margaret Rouse
Security, Compliance
I was accompanied by a Senior Director, who, attempting to find a machine with which to demo a new product, chanced upon a staff member’s desk where some documents had been left in full view. He picked them up and said he would lock them in his own office, so that the staffer wasn’t fined. Apparently, company policy at the time was to enforce the clean desk policy through an automatic payroll deduction. :-O

David J. Anderson, Clean Desk Policies

Today’s WhatIs.com Word of the Day is clean desk policy.


Jan 7 2010   3:13PM GMT

Overheard - data archiving



Posted by: Margaret Rouse
data archiving, Compliance
“Technically, archiving applications used for compliance should apply policies to files, move files based on those policies and keep audit information on files.  Also, the file content should be indexed to make it searchable and be written to specific media depending on regulatory specifics.”

Shane O’Neill, Choosing a compliance archiving tool

Today’s WhatIs.com Word of the Day is data archiving.


Nov 18 2009   2:44PM GMT

Overheard - FACTA Red Flags Rule



Posted by: Margaret Rouse
Compliance, Red Flags Rule, identity theft, identity management
Compliance with the Red Flag rules must take a risk-based approach. Organizations are not given a specific set of items to implement; there is no detailed checklist. Compliance is principle-based, focused on the outcome — avoiding identity theft — and not on specific requirements.

Michael Rasmussen, Red Flag Rules compliance demands a risk-based approach

Today’s WhatIs.com Word of the Day is Red Flags Rule.


Nov 13 2009   3:43PM GMT

Overheard - Enterprise document management



Posted by: Margaret Rouse
Compliance, enterprise document management, Enterprise content management
Compliance is a hamster wheel of pain. Are we in compliance? -> Hire Consultant -> The Consultant Says No -> Scurry and spend -> Repeat.

Alex Hutton, The Cult Of Compliance

Today’s WhatIs.com Word of the Day is enterprise document management.


Nov 11 2009   2:59PM GMT

Overheard - Bank Secrecy Act



Posted by: Margaret Rouse
Bank Secrecy Act, financial security, Compliance
FinCEN is now seeking to engage smaller to moderate size depository institutions who are working to implement the four pillars of the Bank Secrecy Act regulatory regime: (1) policies, procedures and internal controls; (2) designation of a compliance officer; (3) ongoing training; and (4) independent testing.

Bryan Cave Law Firm, October 2009 Client Alerts

Today’s WhatIs.com Word of the Day is Bank Secrecy Act.


Oct 20 2009   12:42PM GMT

Overheard - Shared Assessments Program



Posted by: Margaret Rouse
Compliance, compliance audit, IT controls
“One of the big issues everyone faced, especially on the service provider side, was the inconsistency in the level of questions and controls clients looked at. This sets the standard and a baseline so everyone is looking at pretty much the same types of controls… You remove inconsistency and raise the overall bar of information security.”

Charlie Miller, as quoted in Shared Assessments aims to ease third-party security evaluations

Today’s WhatIs.com Word of the Day is Shared Assessments Program.


Sep 22 2009   2:23PM GMT

Overheard - FISMA and ICE



Posted by: Margaret Rouse
FISMA, Compliance, ICE, Security
“The new FISMA requirements call for government agencies and DoD contractors to comply with a set of prioritized controls that reflect their ability to detect and stop cyberattacks.”

Alexander B. Howard, ICE Act would restructure cybersecurity rule, create White House post

Today’s WhatIs.com Word of the Day is FISMA.