Tech Alert: Eight Tips on an Information Management Strategy for Regulatory Compliance
03 Novembre 2010 - 1:34PM
Business Wire
The increasing emphasis on corporate and financial
accountability at the federal and state levels should motivate all
companies to evaluate their ability to protect and manage
potentially sensitive information, say experts at Digitiliti, Inc.
(OTC: DIGI), a pioneer and technology leader in the Information
Management business.
Here are eight tips for developing an information management
strategy to meet regulatory compliance.
1. Know what compliance laws/regulations apply to your
company. Legal departments, chief financial officers and/or
chief information officers should know what compliance laws and
regulations apply. These may include Sarbanes-Oxley (SOX),
Gramm-Leach Bliley Act (GLBA), Health Information Portability and
Accountability Act (HIPAA), Payment Card Industry Data Security
Standards (PCI), Federal Rules of Civil Procedure (FRCP), Federal
Information Security Management Act (FISMA), the Patriot Act,
and/or regulations from agencies such as the SEC, NASD and
NYSE.
2. Know what data has to be protected. Each
regulation identifies what type of data has to be protected. In
some cases only data identified as sensitive or private is
affected, so not every department or PC may require the same degree
of data control and security.
3. Conduct a full Risk Assessment. This can be
done internally, or through an outside security consultant, to
identify vulnerabilities that will impact the organization’s
ability to meet requirements for information management and
compliance. In conjunction with the Risk Assessment, you need to
conduct an enterprise-wide Data Assessment to identify and locate
where sensitive data resides, how much is there and what the data
is. You cannot secure your data until you know where it is.
4. Identify the Data Flow. Once you have
identified where the data is, you need to document the data flow.
In all work environments, there is an “official flow” and an
“unofficial flow.” How people go about getting their jobs done
doesn’t necessarily conform to who is on the organizational charts,
or what is written in company policies. Data flow factors include
who creates the data and has access to it; when the data is
created, stored, accessed, and disposed of; where the data resides,
both at rest and where it goes when in motion; how business
processes and workflows use the data; and why the data was needed,
is currently needed, or will be needed in the future.
5. Design, budget, schedule, and implement the network
security architecture. The network security plan will be based
on the risk and data assessment, data flow, and any applicable
policies, both internally defined company policies and externally
defined regulatory policies. Basic ideas are available from sources
such as the U.S. Department of Commerce’s National Institute of
Standards and Technology (NIST) as well as the individual
regulatory acts. Forklift upgrades will likely require the approval
of senior management and possibly affected department heads, and
the timeline for implementation may need to be adjusted
accordingly.
6. Use tools for
discovery/search/archive/hold/alert/audit. A good information
management system is needed to meet requirements for discovery
retention, search/e-Discovery, and disposal of sensitive
information. It should include tools that proactively identify
documents containing sensitive information anywhere on the network,
including the desktops, and “hold” capabilities to prevent disposal
schedules from removing critical information if litigation is
pending. It should also provide automatic alerts when data is
somewhere it’s not supposed to be, and can run data audits and
detailed reports on the data status if required by law and for the
auditors.
7. Use tools for backup/disaster recovery. A
Rock-solid information management system does not eliminate the
need for backup and recovery. The archiving capabilities in the
information management system will show a history of the files,
where they existed, when they existed and who created/changed them.
Backup systems do not do this but they are necessary to enable the
recovery of lost, corrupted, or damaged files and can provide bare
metal restores of desktops, servers and data bases. You really
should have both a backup/disaster recovery and information
management system.
8. Document/Monitor/Test/Train. Create and update the
Security Policy Document for the compliance regulations. Auditors
first look to see if you have a security policy document covering
the compliance rules. They are looking to see if you are following
what you have written down. Say what you do in the document and
then do what you say. First time the auditor finds a process not in
the policy document, you are in for a long audit. You will always
have to monitor and test your secure network. Networks, and the
people connected in the network, are dynamic and are always
creating change. Not to mention the bad guys outside your network.
Invest in some good vulnerability tools and consider contracting
out for a security service to do an external and internal security
audit at least twice a year. Finally, train the people who handle
the sensitive data on the security policies. This is another area
an auditor will look at-do the people handing the data know what
the rules are!
Digitiliti’s DigiLIBE™ is a simple-to-use system designed to
protect the confidentiality, integrity, availability of data from
its point of origin to final disposition. All user data is captured
at the point of origin and becomes a unique DigiLIBE Information
Object. The Information Object contains a uniform set of metadata
and preserves the integrity of the data-essential elements for
compliance and timely business decisions. The Information Object is
indexed, cataloged, encrypted and stored in a Virtual Corporate
Library further protecting the confidentiality, integrity,
availability of corporate data. DigiLIBE also provides essential
data and information management capabilities such as eDiscovery,
email and auto-desktop archiving, global deduplication, content
indexing, retention management, local storage, compression,
encryption and long-term archiving. DigiLIBE has three simple
components – Workstation Clients, Information Director, and the
cloud based Archive Information Store, DigiLIBE reduces the number
of disparate IT products needed, and the complexity and costs
involved with managing your information growth. A flash
presentation is available at:
http://digitiliti.com/index.php/solutions/digilibe.html.
About Digitiliti Inc.:
Digitiliti develops and provides advanced Information Management
solutions that address the cost, complexity, and compliance
problems associated with controlling and utilizing unstructured
data. Digitiliti provides enterprise-class products and services
that are easy to use, cost effective and always deliver the right
information, to the right people, at the right time helping them
make informed business decisions. Digitiliti services include
DigiBAK™, a complete offsite data protection/backup solution, and
DigiLIBE, a single integrated information management solution that
allows customers to extract and use the valuable business knowledge
hidden in their unstructured content. Digitiliti markets and sells
solutions solely through its worldwide network of channel partners.
For more information please visit http://digitiliti.com.
Digitiliti (CE) (USOTC:DIGI)
Graphique Historique de l'Action
De Oct 2024 à Nov 2024
Digitiliti (CE) (USOTC:DIGI)
Graphique Historique de l'Action
De Nov 2023 à Nov 2024