
Regulatory Growth Requires Innovative IT Support - IT Outsourcing California 

Compliance with new regulations does not have to be an insurmountable hurdle

As federal, state and local governments continue to expand their regulatory reach, businesses are often faced with daunting compliance requirements.  Rather than fall under the weight of new and complex rules, forward-thinking managers collaborate with their IT support provider to create efficient systems that meet compliance needs.

Whatever your industry, compliance issues always have an IT element, and that is where IT Consulting Bay Area UIS Technology Partners can help.  As your partner in technology, our goal is to maximize your efficiency at an affordable price.

Below are some of the regulations with which we can help your company comply.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 also includes the Privacy Rule and the Security Rule.

Privacy Rule:  Federal law that keeps your health information private from others.  Sets limits on who can access your health information, whether it is in electronic, written, or oral form.

Security Rule:  Protects the electronic form of your health information, including personal information in your medical record, notes between your doctors and nurses, and health insurance and billing information. 

For consumers:  HIPAA protects your personal health information.

For covered entities:  Health insurance companies, company insurance plans, HMOs, Medicare/Medicaid, health care clearinghouses, clinics, hospitals, doctors, nurses, chiropractors, psychologists, dentists, pharmacies, and other health care providers must follow HIPAA regulations.

Sarbanes-Oxley

Also known as the Public Company Accounting Reform and Investor Protection Act, the Corporate and Auditing Accountability and Responsibility Act, or simply ‘SOX’ (2002).

On July 30, 2002, the United States Senate and House of Representatives enacted the Sarbanes-Oxley Act to enhance corporate responsibility and deter accounting fraud.  This act protects shareholders and consumers from unethical financial practices.  This act set new standards for all public organizations, both large and small.  Regulated by the Securities and Exchange Commission (SEC), entities must store and provide specific records and financials for at least five years.

There are 11 titles in the Sarbanes-Oxley Act:

  • Public Company Accounting Oversight Board (PCAOB)
  • Auditor Independence
  • Corporate Responsibility
  • Enhanced Financial Disclosures
  • Analyst Conflict of Interest
  • Commission Resources and Authority
  • Studies and Reports
  • Corporate and Criminal Fraud Accountability
  • White Collar Crime Penalty Accountability
  • Corporate Tax Returns
  • Corporate Fraud Accountability

This affects not only the Finance department but also the IT department.  The IT department is responsible for developing an effective, cost-saving method for storing and maintaining an entity’s financial records for at least five years.

FISMA

The Federal Information Security Management Act of 2002.

This act requires federal agencies to strengthen information security and information systems to protect the United States Federal Government.  This act enhances national security because it protects government information, operations, and assets.  Agencies are checked by other agencies to ensure the accuracy and safety of information.  The head of each agency is required to create and implement policies and procedures for the safe handling of government information, as well as to perform annual reviews based on the following nine steps:

  • Categorize the information to be protected
  • Select minimum baseline controls
  • Refine controls using a risk assessment procedure
  • Document the controls in the system security plan
  • Implement security controls in appropriate information systems
  • Assess the effectiveness of the security controls once they have been implemented
  • Determine agency-level risk to the mission or business case
  • Authorize the information system for processing
  • Monitor the security controls on a continuous basis

GLBA

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999.

Enacted on November 12, 1999, GLBA allows the consolidation and modernization of banking, securities, and insurance companies.  It also includes provisions that require financial institutions to protect consumers’ personal information.  This act was intended to overrule the Glass-Steagall Act of 1933, which prohibited institutions from acting as more than one entity.  For example, the Glass-Steagall Act did not allow any one company to act as both an investment bank and an insurance company; the Gramm-Leach-Bliley Act now allows for the consolidation of the two, or any combination of more than one entity.

21 CFR Part 11

The Code of Federal Regulations Title 21, Part 11 recognizes electronic records and electronic signatures as legitimate when they replace a handwritten signature.  This regulation applies to any company that is required to submit documents electronically.

Part 11 states:

(a) The regulations in this part set forth the criteria under which the agency considers electronic records, electronic signatures, and handwritten signatures executed to electronic records to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper.

(b) This part applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted, under any records requirements set forth in agency regulations.

(c) Where electronic signatures and their associated electronic records meet the requirements of this part, the agency will consider the electronic signatures to be equivalent to full handwritten signatures, initials, and other general signings as required by agency regulations.

PCI DSS

The Payment Card Industry Data Security Standard was created by the Payment Card Industry Security Standards Council, which is made up of American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.  The goal was to prevent identity theft and fraud involving personal information and credit cards.  PCI DSS is a security standard that outlines the requirements to protect customer account information.  It applies to all merchants who process any cardholder information from the above-mentioned card brands.

Objectives for PCI DSS:

  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy


Would you like to discuss your compliance needs? Do you have a different need? Contact us, we can help!