Compliance
Many security vendors promote their products as compliance solutions. However, there is no clear statement of what it means to be compliant, so selecting appropriate solutions is not a straightforward job. Achieving compliance will depend on the country and industry that an organisation operates in, and on the kind of IT systems and applications that it is running.
Sarbanes-Oxley
Sarbanes-Oxley, or SOX, is a piece of US legislation that affects SEC-registered companies. Increasingly, however, compliance with the requirements of SOX is being seen as a sensible security measure for companies trading and listed here in the UK. Implementing the kinds of internal control that SOX mandates delivers operating benefits in terms of process controls and management information. It also provides a well-understood, auditable standard.
Data Protection Act
The Data Protection Act applies to all UK organisations. It provides for the privacy of personal data by mandating that this data is gathered, held and processed fairly and lawfully. Personal data must be protected against unauthorised access, accidental loss, destruction and so on. Similar legislation applies in other EU countries.
Freedom of Information Act
The Freedom of Information Act applies to over 100,000 public bodies in England, Wales and Northern Ireland (Scotland has its own legislation). It provides a general right of access to information held by these public authorities in the course of carrying out their public functions. This requirement, together with the need to respond to access requests within 20 days, has a number of implications for the way that documents, including email, are stored.
Regulation of Investigatory Powers Act
Normally referred to as the RIP Act, this legislation from 2000 supersedes the Interception of Communications Act of 1985. It provides a framework for the interception of telecommunications and digital communications that has implications for any employer that enforces an email content policy to protect against viruses, spam and inappropriate content.
There is a whole raft of other regulations. Some, like the Financial Services and Markets Act and the Basel II Accord, are specific to certain industries. Others, like the EU Data Retention Directive, have yet to come into force. One thing is certain: charting a course through these sometimes conflicting requirements can be a confusing and frustrating experience without impartial advice.
MIS has helped a wide range of customers to meet their compliance goals, ranging from large financial services companies to small law firms.
For more information, please e-mail marketing@mis-cds.com or call 01622 723456.
