Sarbanes-Oxley: A Cross-Industry Email Compliance Challenge

Written by CipherTrust

Is your enterprise followingrepparttar rules?

The bulk of financial information in many companies is created, stored and transmitted electronically, maintained by IT and controlled via information integrity procedures and practices. For these reasons, compliance with federal requirements such asrepparttar 135968 Sarbanes-Oxley Act (SOX) is heavily dependent on IT. Companies that must comply with SOX are U.S. public companies, foreign filers in U.S. markets and privately held companies with public debt. Ultimately accountable for SOX compliance arerepparttar 135969 corporate CEO and CFO, who will depend on company finance operations and IT to provide critical support when they comply withrepparttar 135970 SOX requirement to report onrepparttar 135971 effectiveness of internal control over financial reporting.

Sound practices include corporate-wide information security policies and enforced implementation of those policies for employees at all levels. Information security policies should govern network security, access controls, authentication, encryption, logging, monitoring and alerting, pre-planned coordinated incident response, and forensics. These components enable information integrity and data retention, while enabling IT audits and business continuity.

Complying with Sarbanes-Oxley The changes required to ensure SOX compliance reach across nearly all areas of a corporation. In fact, Gartner Research went so far as to callrepparttar 135972 Act “the most sweeping legislation to affect publicly traded companies sincerepparttar 135973 reforms duringrepparttar 135974 Great Depression.” Sincerepparttar 135975 bulk of information in most companies is created, stored, transmitted and maintained electronically, one could logically conclude that IT shoulders a lion’s share ofrepparttar 135976 responsibility for SOX compliance. Enterprise IT departments are responsible for ensuring that sound practices, including corporate-wide information security policies and enforced implementation of those policies, are in place for employees at all levels. Information security policies should govern:

  • Network security
  • Access controls
  • Authentication
  • Encryption
  • Logging
  • Monitoring and alerting
  • Pre-planning coordinated incident response
  • Forensics

These components enable information integrity and data retention, while enabling IT audits and business continuity.

In order to comply with Sarbanes-Oxley, companies must be able to show conclusively that:

  • They have reviewed quarterly and annual financial reports;
  • The information is complete and accurate;
  • Effective disclosure controls and procedures are in place and maintained to ensure that material information aboutrepparttar 135977 company is made known to them.

Sarbanes-Oxley Section 404 Section 404 regulates enforcement of internal controls, requiring management to show that it has established an effective internal control structure and procedures for accurate and complete financial reporting. In addition,repparttar 135978 company must produce documented evidence of an annual assessment ofrepparttar 135979 internal control structure’s effectiveness, validated by a registered public accounting firm. By instituting effective email controls, organizations are not only ensuring compliance with Sarbanes-Oxley Section 404; they are also taking a giant step inrepparttar 135980 right direction with regards to overall email security.

Effective Email Controls Email has evolved into a business-critical application unlike any other. Unfortunately, it is also one ofrepparttar 135981 most exposed areas of a technology infrastructure. Enterprises must install a solution that actively enforces policy, stops offending mail both inbound and outbound and halts threats before internal controls are compromised, as opposed to passively noting violations as they occur.

Alert: New HIPAA Rules Could Affect Your Organization

Written by CipherTrust

Failure to adhere torepparttar new guidelines could cost your company up to $250,000 per infraction!

On April 21, 2005 (just over three weeks from today), a new Health Insurance Portability and Accountability Act (HIPAA) security rule goes into effect. The requirements of this rule, which are basically information security best practices, focus onrepparttar 135967 three cornerstones of a solid information security infrastructure: confidentiality, integrity and availability of information.

The imminent HIPAA regulatory requirements encompass transmission, storage and discoverability of Protected Health Information (PHI). Givenrepparttar 135968 widespread use and mission-critical nature of email, enforcement of HIPAA encryption policies andrepparttar 135969 growing demand for secure email solutions, email security has never been more important torepparttar 135970 healthcare industry than it is right now.

Although many assume it applies only to health care providers, HIPAA affects nearly all companies that regularly transmit or store employee health insurance information. HIPAA was signed into law in 1996 by former President Bill Clinton, withrepparttar 135971 intent of protecting employee health and insurance information when workers changed or lost their jobs. As Internet use became more widespread inrepparttar 135972 mid-to-late 1990s, HIPAA requirements overlapped withrepparttar 135973 digital revolution and offered direction to organizations needing to exchange healthcare information.

HIPAA inrepparttar 135974 Workplace Collaboration between employers and healthcare professionals has grown increasingly digital, and email has played an ever-increasing role in this communication. However, email’s increased importance can lead to severe consequences without proper security and privacy measures implemented.

In addition torepparttar 135975 usual concerns about privacy and security of email correspondence, even organizations that are not inrepparttar 135976 healthcare industry must now considerrepparttar 135977 regulatory compliance requirements associated with HIPAA. The Administrative Simplification section of HIPAA, which, among other things, mandates privacy and security of Protected Health Information (PHI), has sparked concern about how email containing PHI should be treated inrepparttar 135978 corporate setting. HIPAA, as it relates to email security, is an enforcement of otherwise well-known best practices that include:

  • Ensuring that email messages containing PHI are kept secure when transmitted over an unprotected link
  • Ensuring that email systems and users are properly authenticated so that PHI does not get intorepparttar 135979 wrong hands
  • Protecting email servers and message stores where PHI may exist

Cont'd on page 2 ==> © 2005
Terms of Use