Regulatory Compliance

Legislative Regulations are Here to Stay

Regulatory legislation is here to stay because the majority of data gathered and compiled by organizations is now in electronic form. While this has made storage and transmission of information more efficient, it has also created more opportunities for data to be lost, stolen or corrupted. To protect sensitive customer and patient data and to safeguard intellectual property, the US Congress has passed a number of laws governing how this data must be secured. These laws apply to almost every industry, including financial institutions, medical organizations, government entities and businesses of all kinds. In addition to protecting the data itself, these organizations must be able to document that they are in compliance.

The onus for ensuring compliance typically falls on IT professionals, who must prove that their systems and networks are secure and that client and patient data, financial statements, intellectual property and other sensitive records can be stored and transmitted intact, protected from Internet-based threats such as viruses and worms.

Some regulations spell out detailed requirements for the written security and privacy policies an organization must maintain; others are less prescriptive, requiring only that safeguards be "appropriate" to the size of the organization and the type of activity it conducts.

iPrism Web Filter Helps Your Organization Comply with Regulations

No matter which regulations govern your organization's activities, the ability to protect sensitive and proprietary records is central to its financial health. Non-compliance carries serious consequences, including substantial fines and litigation that directly affect the bottom line. The iPrism Web Filter not only secures your network against Internet-based threats to your data from malware, P2P and IM traffic; it also provides comprehensive drill-down and real-time monitoring and reporting that help you document your compliance and stay consistently within the boundaries of the legislation affecting your organization.

The following table lists key regulations, the industries they affect and their general policy requirements:

Regulation: HIPAA (Health Insurance Portability and Accountability Act of 1996)
Industry: Healthcare
Requirements:
  • Protect the confidentiality, and ensure the integrity and availability, of all electronic protected health information (EPHI) that is created, received, maintained or transmitted
  • Covered entities must protect against any reasonably anticipated threats or hazards to the security or integrity of such information
  • Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required by the Privacy Rule
  • Organizations must ensure compliance by their workforces

Regulation: CIPA (Children's Internet Protection Act)
Industry: Schools and Libraries
Requirements: Schools and libraries subject to CIPA must adopt and implement an Internet safety policy addressing Internet use by minors, together with the technology required to enforce it. The policy and technology must address:
  • Access by minors to inappropriate matter on the Internet;
  • The safety and security of minors when using electronic mail, chat rooms and other forms of direct electronic communications;
  • Unauthorized access, including so-called "hacking," and other unlawful activities by minors online;
  • Unauthorized disclosure, use and dissemination of personal information regarding minors; and
  • Measures to restrict minors' access to materials harmful to them.
Failure to comply can disqualify schools and libraries from the E-Rate funding they rely on to purchase technology.

Regulation: Sarbanes-Oxley Act (SOX)
Industry: All publicly traded companies
Requirements:
  • Requires executives and auditors to attest to the effectiveness of internal controls over financial reporting
  • Requires controls that prevent unauthorized access to, modification of or deletion of financial data
  • Requires robust access controls that interoperate with enterprise authentication, authorization and auditing

Regulation: Gramm-Leach-Bliley Act (GLBA)
Industry: Financial services
Requirements:
  • Institutions governed by GLBA must ensure the security and confidentiality of customer records and information
  • They must protect against any anticipated threats or hazards to the security or integrity of such records
  • They must protect against unauthorized access to or use of such records or information that could result in substantial harm or inconvenience to any customer

Regulation: PRO-IP Act (Prioritizing Resources and Organization for Intellectual Property Act of 2008)
Industry: All US companies
Requirements:
  • In general, gives law enforcement more latitude in enforcing intellectual property (IP) laws
  • Protects IP including pharmaceuticals and manufactured goods, and artistic works such as MP3 and video files or other content, whether transmitted electronically or distributed on physical media
  • Organizations that are lax in securing their networks against illegal downloads face stiff penalties, including criminal charges and confiscation of their computer equipment