Complying with Regulations

Compliance with new regulations does not have to be an insurmountable hurdle

As federal, state and local governments continue to expand their regulatory reach, businesses are often faced with daunting compliance requirements. Rather than fall under the weight of new and complex rules, forward-thinking managers collaborate with their IT support provider to create efficient systems that meet compliance needs.

Whatever your industry, compliance issues always have an IT element, and that is where UIS Technology Partners, IT consulting in the Bay Area, can help.
As your partner in technology, our goal is to maximize your efficiency at an affordable price.

Some of the regulations with which we can help your company comply:

HIPAA

Health Insurance Portability and Accountability Act (HIPAA) of 1996, which also includes the Privacy Rule and the Security Rule.
Privacy Rule: Federal law that keeps your health information private from others. It sets limits on who can access your health information, whether it is in electronic, written, or oral form.
Security Rule: Protects the electronic form of your health information, including personal information in your medical record, notes between your doctors and nurses, and health insurance and billing information.
For consumers: HIPAA protects your personal health information.
For covered entities: Health insurance companies, company insurance plans, HMO’s, Medicare/Medicaid, health care clearinghouses, clinics, hospitals, doctors, nurses, chiropractors, psychologists, dentists, pharmacies, and other health care providers must follow HIPAA regulations.
Sarbanes-Oxley

Public Company Accounting Reform and Investor Protection Act, Corporate and Auditing Accountability and Responsibility Act, or 'SOX', of 2002.
On July 30, 2002, the United States Senate and House of Representatives enacted the Sarbanes-Oxley Act to enhance corporate responsibility and deter accounting fraud. The act protects shareholders and consumers from unethical financial practices and sets new standards for all public organizations, both large and small. Under the oversight of the Securities and Exchange Commission (SEC), covered entities must store, and be able to provide, specific records and financial statements for at least five years.
There are 11 titles in the Sarbanes-Oxley Act:
  • Public Company Accounting Oversight Board (PCAOB)
  • Auditor Independence
  • Corporate Responsibility
  • Enhanced Financial Disclosures
  • Analyst Conflict of Interest
  • Commission Resources Authority
  • Studies and Reports
  • Corporate and Criminal Fraud Accountability
  • White Collar Crime Penalty Accountability
  • Corporate Tax Returns
  • Corporate Fraud Accountability
This affects not only the Finance department but also the IT department, which is responsible for developing an effective, cost-saving method for storing and maintaining an entity's financial records for at least five years.
FISMA

The Federal Information Security Management Act of 2002
This act requires federal agencies to strengthen information security and information systems in order to protect the United States Federal Government. It enhances national security because it protects government information, operations, and assets. Agencies are reviewed by other agencies to ensure the accuracy and safety of information. The head of each agency is required to create and implement policies and procedures for the safe handling of government information, and to perform annual reviews based on the following nine steps:
  • Categorize the information to be protected
  • Select minimum baseline controls
  • Refine controls using a risk assessment procedure
  • Document the controls in the system security plan
  • Implement security controls in appropriate information systems
  • Assess the effectiveness of the security controls once they have been implemented
  • Determine agency-level risk to the mission or business case
  • Authorize the information system for processing
  • Monitor the security controls on a continuous basis
GLBA

The Gramm-Leach-Bliley Act (GLBA), also known as the Financial Services Modernization Act of 1999
Enacted on November 12, 1999, GLBA allows the consolidation and modernization of banking, securities, and insurance companies. It also includes provisions that require financial institutions to protect consumers' personal information. The act was intended to overrule the Glass-Steagall Act of 1933, which prohibited institutions from acting as more than one type of entity. For example, the Glass-Steagall Act did not allow any one company to act as both an investment bank and an insurance company; the Gramm-Leach-Bliley Act now allows the consolidation of the two, or any combination of more than one type of entity.
21 CFR Part 11

The Code of Federal Regulations Title 21, Part 11 allows electronic records and electronic signatures to be legitimate when replacing a handwritten signature.
This regulation applies to any company that is required to submit documents electronically.
Part 11 states:
(a) The regulations in this part set forth the criteria under which the agency considers electronic records, electronic signatures, and handwritten signatures executed to electronic records to be trustworthy, reliable, and generally equivalent to paper records and handwritten signatures executed on paper.
(b) This part applies to records in electronic form that are created, modified, maintained, archived, retrieved, or transmitted, under any records requirements set forth in agency regulations.
(c) Where electronic signatures and their associated electronic records meet the requirements of this part, the agency will consider the electronic signatures to be equivalent to full handwritten signatures, initials, and other general signings as required by agency regulations.
PCI DSS

Payment Card Industry Data Security Standard was created by the Payment Card Industry Security Standards Council, which is composed of American Express, Discover Financial Services, JCB International, MasterCard Worldwide, and Visa Inc.
The goal was to prevent identity theft and the fraudulent use of personal information and credit cards. PCI DSS is a security standard that outlines the requirements for protecting customer account information. It applies to all merchants who process any cardholder information from the above-mentioned card brands.
Objectives for PCI DSS:
  • Build and maintain a secure network
  • Protect cardholder data
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Maintain an information security policy

Would you like to discuss your compliance needs?
Do you have a different need?