Regulatory Challenges
Under new and existing regulatory initiatives, organizations
are required to scrupulously and continuously comply with evolving
data security standards. Safend has tailored its Auditor and
Protector solutions specifically to organizations concerned
about achieving or maintaining compliance with regulations such
as HIPAA, SOX, GBLA, PIPE, DPA and others.
Safend Solutions
All regulatory initiatives dealing with personal and confidential
information protection presuppose complete organizational control
of network activity. These standards demand ongoing and highly-granular
visibility into exactly what users are doing, and immediate
remedy of breaches with a clear audit trail.
Nowhere is regulatory compliance more at risk than at the
endpoint. Organizations that spend months (and millions) on
in-depth compliance consulting, process documentation, and compartmentalized
access control can face litigation or regulatory sanctions when
a trusted employee copies personal medical records onto a USB
key, or downloads financial information onto an MP3 player.
Safend solutions provide organizations with both the visibility
and control needed to achieve and maintain compliance – delivering
highly-granular control over who does what with sensitive data,
and ensuring that every single endpoint data action is always
in-line with relevant regulations and company policy.
Relevant Legislation
Safend solutions can help your enterprise meet the requirements
of the following legislative acts:
HIPAA (US)
In 1996, Congress enacted the Health Insurance Portability
and Accountability Act (HIPAA). A key goal of HIPAA is to
protect medical records by establishing transaction standards
for the exchange of health information, security standards,
and privacy standards for the use and disclosure of individually
identifiable health information.
SOX (US)
The Sarbanes-Oxley (SOX) Act of 2002 was developed to
protect investors by improving the accuracy and reliability
of corporate disclosure. Section 404 of the Act requires
all public companies to assess and report on the effectiveness
of internal controls and procedures for financial reporting,
including access and dissemination of sensitive financial
information.
GBLA (US)
The Gramm-Leach-Bliley Act, also known as GBLA, seeks
to protect the personal information of consumers stored
in financial institutions. The Act requires all financial
institutions to implement and maintain security measures
to protect customer information and prevent unauthorized
access and use of customer records.
PIPED (Canada)
The Personal Information Protection and Electronic Document
Act mandates that appropriate security measures be applied
to personal data obtained in the course of commercial transactions.
SB 1386 (California, US)
The California Information Practice Act or Senate Bill
1386 that went into effect in July 2003 requires state agencies
or companies that conduct business in California and own
or license computerized personal information, to disclose
any breach of security to any resident whose unencrypted
data is believed to have been disclosed.
95/46/EC (Europe)
European Union Directive 95/46/EC is a sweeping European
Parliament directive designed to protect individuals from
unregulated personal data access or transfer.
DPA (UK)
The Data Protection Act mandates that the processing
of sensitive personal data should be carried out with appropriate
security in the interests of protecting individual rights
and privacy. DPA prohibits the disclosure of personal data
to any third party without the explicit consent of the targeted
subject.