Compliance

With the multitude of mandatory government regulations in place, chances are your business needs to be compliant. Whether you are a law firm, doctor’s office or accounting firm it is important to be HIPAA or SOX compliant.

Many regulations require companies to support more stringent availability standards. Several acts and regulations, directed at specific industries or a broad cross-section of companies, mandate the protection of business data and system availability. Businesses may incur financial or legal penalties for failing to comply with these data or business availability requirements.

Health Insurance Portability and Accountability Act (HIPAA)—ensures that only properly authorized individuals have access to confidential patient health data and provides long-term guidelines to secure confidential information. HIPAA mandates a five-day maximum turnaround on requests for information.

Sarbanes-Oxley Act of 2002—stipulates that CEOs and CFOs attest to the truthfulness of financial reports and to the effectiveness of internal financial controls. Sarbanes-Oxley mandates a required timeframe in which to report financial results—each quarter and at year-end. Failure to make these deadlines can result in financial penalties.

New Basel Capital Accord (Basel II)—requires financial institution capital reserves to include operational and credit risks and includes IT security risk as a principal operational risk. Basel II also requires business resiliency standards for any financial institution doing business in the EU.

Gramm-Leach-Bliley Financial Services Modernization Act of 1999—limits access to non-public information to those with a “need to know” and requires safeguarding of customer financial information. Loss of important data can lead to penalties for the financial institution.

Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT ACT) Act of 2001—defines what information can be made available to federal and local authorities for those suspected of terrorism or terrorist related activities. This act requires contacted institutions to respond within a specific timeframe to requests for information from databases.