Regulatory Compliance – DeviceWall can help with Sarbanes-Oxley, HIPAA and Data Protection Act

Organizations are under more stringent obligations than ever to manage their data, protect it from unauthorized parties and, at the same time, make it more freely available to staff, partners and customers.

Meeting these sometimes conflicting requirements is a major challenge – as is proving that your organization is on the right side of compliance. Thankfully, DeviceWall can make life a little easier by helping you meet regulatory compliance obligations by:

  • Defining what devices can be used by whom and automatically blocking all unauthorized device connections
  • Ensuring that mobile devices are protected both when on the corporate network and away from it
  • Demonstrating the effective enforcement of the above requirements
  • Creating a full audit trail of all policy changes, updates, new deployments and temporary exceptions

Find out more about how DeviceWall can help you meet the requirements of:


Sarbanes-Oxley (SOX)

Sarbanes-Oxley (SOX), which focuses on the processes and accountability for financial reporting in US publicly-traded companies, has a significant impact on how affected organizations need to approach internal IT security.

Because SOX makes senior company executives personally responsible for signing off on, and therefore accepting liability for, these internal controls, it is vital that organizations are clear on what they need to do to comply with the regulations.

When it comes to the use of mobile computing and portable storage devices, Sarbanes-Oxley demands that organizations must be able to demonstrate effective policies, processes and controls over:

  • The types of device that can be used
  • Who can use what types of device
  • Who should own the devices
  • What kinds of information can and cannot be stored on devices
  • What form of enforcement is in place to manage device use

Writing the required policy is an obvious first step, but to fully comply with Sarbanes-Oxley, the company must be able to demonstrate that this policy is being adhered to across the enterprise.

DeviceWall helps you meet Sarbanes-Oxley obligations

  • Defining what devices can be used by whom and automatically blocking all unauthorized device connections
  • Ensuring that mobile devices are protected both when on the corporate network and away from it
  • Demonstrating the effective enforcement of the above requirements
  • Creating a full audit trail of all policy changes, updates, new deployments and temporary exceptions

DeviceWall further reduces the cost and effort of complying with regulations such as Sarbanes-Oxley by:

  • Automatically reflecting your established domain and Active Directory groups
  • Fast, remote deployment to all PCs on the local and wide area networks
  • Only blocking dangerous devices, not keyboards or mice
  • Providing temporary access rights to maximize business productivity
  • Promoting user acceptance with customizable on-screen dialogs and notifications

HIPAA

The Health Insurance Portability & Accountability Act (HIPAA) was passed in 1996 and, among other things, establishes a range of obligations for any organization handling medical records. The regulation is designed to ensure the privacy and security of this vitally sensitive information.

HIPAA demands that all IT devices capable of storing medical records are proactively managed by the organization, to prevent the possible misuse of such information. And with the proliferation of laptops, PDAs and other mobile IT devices in the workplace, organizations need to rethink how they define and enforce IT security policies.

Using DeviceWall to meet HIPAA obligations

Centennial DeviceWall can help you address the rising threat of portable storage devices on the corporate network and meet key Technical Safeguards standards outlined in the HIPAA Security Rule:

  • Automatically block all unauthorized device connections to company PCs
  • Stop the transfer of data from the network and PCs to unknown devices
  • Create a full audit trail of all policy changes, distribution and temporary access sessions
  • Allow individuals and groups to access different types of devices based on their legitimate business needs

DeviceWall further reduces the cost and effort of complying with regulations including HIPAA by:

  • Automatically reflecting your established domain and Active Directory groups
  • Fast, remote deployment to all PCs on the local and wide area networks
  • Only blocking dangerous devices, not keyboards or mice
  • Providing temporary access rights to maximize business productivity
  • Promoting user acceptance with customizable on-screen dialogs and notifications

Data Protection Act (UK)

The Data Protection Act (DPA) affects every organization operating in the United Kingdom. Key to the DPA is Principle Seven, which states that firms must have in place the appropriate technical and organizational security measures to fully protect the personal data they process and store.

The DPA requires that IT Security Managers be able to demonstrate that they have effective policies and means of enforcement in place to prevent the malicious or accidental disclosure of sensitive information.

Failure to provide adequate security measures can result in prosecution by the Information Commissioner’s Office.

Using DeviceWall to meet DPA obligations

DeviceWall helps organizations both create and enforce security policies to manage the use of portable storage devices in the workplace and off-site mobile IT assets.

DeviceWall will help you comply with DPA by:

  • Defining what portable storage devices can be used by whom – and automatically blocking all unauthorized device connections
  • Ensuring that mobile devices are protected both when on the corporate network and away from it
  • Demonstrating the effective enforcement of the above requirements
  • Creating a full audit trail of all policy changes, updates, new deployments and temporary exceptions

DeviceWall further reduces the cost and effort of complying with regulatory obligations by:

  • Automatically reflecting your established domain and Active Directory groups
  • Fast, remote deployment to all PCs on the local and wide area networks
  • Only blocking dangerous devices, not keyboards or mice
  • Providing temporary access rights to maximize business productivity
  • Promoting user acceptance with customizable on-screen dialogs and notifications