Overheard in the tech blogosphere » Compliance

JOBS Act

Margaret Rouse — Fri, 29 Jun 2012 22:51:51 +0000

“If a company was already moving in the direction of SOX compliance, they’ll probably find themselves with a little more breathing room than they had previously. At the same time, the GRC tools that help companies meet SOX compliance should be easily able to help support programs to comply with JOBS Act rules and related requirements.” – Chris McClean

Today’s WhatIs.com Word of the Day is JOBS Act, more formally known as the “Jumpstart Our Business Startups Act.” The intention of the Act is to cut down on compliance red tape for startup companies.

Overheard talking about the Volcker Rule

Margaret Rouse — Mon, 07 May 2012 18:28:21 +0000

“The Federal Reserve’s attempt to clarify the ‘Volcker rule’ is only creating more confusion. At issue is whether the Fed is requiring banks to start scaling back on making bets with their own money almost immediately, or whether they can continue until the ban on such activities goes into effect in two years.” –Scott Patterson

Today’s WhatIs.com Word of the Day is the Volcker Rule, a section of the Dodd–Frank Wall Street Reform and Consumer Protection Act that restricts U.S. banks from making speculative, high-risk investments that do not benefit customers.

From the get-go, bankers have expressed concern that the Volcker Rule would hurt the ability of U.S. businesses to be competitive in a global arena. SearchCompliance.com has more information about how the Volcker Ruling will affect IT departments.

Overheard talking about ITAR and EAR compliance

Margaret Rouse — Tue, 08 Jun 2010 18:35:36 +0000

Organizations in certain industries will not tolerate the incursion of iPads and iPhones into their IT infrastructure because of compliance reasons.

Kevin McDonald, iPads force their way into corporate IT

Today’s WhatIs.com Word of the Day is ITAR and EAR compliance.

“On the HIPAA side and in ITAR, [customers] were booting iPhones,” McDonald said. “We’re removing them in favor of the Blackberry.” (ITAR refers to the U.S. State Department’s International Traffic in Arms Regulations, which outlaw the export of critical technologies that could be used against the U.S.)

“You can’t centrally manage them or control the apps,” McDonald said. “You can’t remote-delete with any assurance. And in an environment where you absolutely must prove where the data goes and where it’s stored, if it’s encrypted, you cannot do that with an iPhone or iPad.”

In short, the strength of the iPad and iPhone — the availability of thousands of apps — is also their weakness when it comes to security. To be fair, Google’s Android phones fall into the same trap, McDonald said.

Overheard talking about Common Criteria

Margaret Rouse — Thu, 13 May 2010 13:41:46 +0000

For many decades, security engineering was a specialized topic, primarily considered within military organizations or by those working with them. Standards like TCSEC and ITSEC from the 1980s and 1990s, and later the Common Criteria, described the software-engineering activities needed to develop and validate security-critical systems.

Dr. David Basin, Integrating security into the system development process

Today’s WhatIs.com Word of the Day is Common Criteria.

Overheard talking about Section 508

Margaret Rouse — Wed, 12 May 2010 15:22:50 +0000

“One of the most painstaking web programming tasks is achieving web accessibility. Although estimates vary, between 5 and 10% of Web users have some sort of accessibility need.”

Nick Kellett, Sharepoint Accessibility

Today’s WhatIs.com Word of the Day is Section 508. According to a Sharepoint tutorial on SearchWinDevelopment.com, SharePoint 2007 outputs a lot of code that is not compliant with Section 508 or other accessibility regulations.

Overheard talking about e-prescribing

Margaret Rouse — Wed, 24 Feb 2010 16:06:06 +0000

As with any business-to-business supply chain, if you administer electronic data interchange without standards, it doesn’t work.

Ted Kremer, as quoted in Lack of health information exchange standards slowing adoption

Today’s WhatIs.com Word of the Day is e-prescribing incentive program.

Overheard – Credit CARD Act

Margaret Rouse — Wed, 17 Feb 2010 13:36:12 +0000

“While companies can’t hike your rates on existing balances unless you’re 60 days late with a payment, they can raise rates on future purchases any time and for any (or no) reason. They do have to tell you this, but they’ll probably send it in an envelope that looks like junk mail in the hopes you’ll throw it out.”

Lauren Bowne, as quoted in Beware: Loopholes in the Credit CARD Act you need to know about

Today’s WhatIs.com Word of the Day is Credit CARD Act.

Martha White provides a great overview of the Credit CARD Act’s “gotchas” in her interview with Lauren Bowne.

While the CARD Act has limits on the severity of penalty fees you can be charged, there’s no rule against card companies making up as many new fees as they can conjure and charging whatever they like for them.

Overheard – IFRS

Margaret Rouse — Thu, 28 Jan 2010 15:30:10 +0000

While U.S. GAAP could conceivably become the de facto global standard, it seems more likely that IFRS will hold that distinction. More countries and markets use IFRS, it has been developed with an international view from the start, and it has the structures in place to obtain global input and acceptance.

Scott Taub IFRS & U.S. GAAP: Where Do We Stand?

Today’s WhatIs.com Word of the day is International Financial Reporting Standards (IFRS).

Overheard – clean desk policy

Margaret Rouse — Mon, 25 Jan 2010 18:32:52 +0000

I was accompanied by a Senior Director, who attempting to find a machine with which to demo a new product, chanced upon a staff member’s desk where some documents had been left in full view. He picked them up and said he would lock them in his own office, so that the staffer wasn’t fined. Apparently, company policy at the time was to enforce the clean desk policy through an automatic payroll deduction. :-O

David J. Anderson, Clean Desk Policies

Today’s WhatIs.com Word of the Day is clean desk policy.

Overheard – data archiving

Margaret Rouse — Thu, 07 Jan 2010 15:13:44 +0000

“Technically, archiving applications used for compliance should apply policies to files, move files based on those policies and keep audit information on files. Also, the file content should be indexed to make it searchable and be written to specific media depending on regulatory specifics.”

Shane O’Neill, Choosing a compliance archiving tool

Today’s WhatIs.com Word of the Day is data archiving.