Are You Prepared for the Top Three Compliance Issues?

No matter what an enterprise’s major market is, it is probably subject to regulatory compliance requirements, such as PCI, SOX, FISMA and HIPAA. PCI requirements in particular demand a high level of auditability and controls. What’s more, regulatory agencies are cracking down with stiff penalties. For example, the Department of Health and Human Services’ Office for Civil Rights has levied penalties in its six resolution agreements for 2015 totaling about $6 million.

This trend is unlikely to slow down or reverse, so it’s important to be aware of the primary threats that could undermine compliance efforts. The top three such issues are discussed below.

Privileged access management (PAM) will continue to be a compliance nightmare. In fact, privileged and logical access controls continue to cause the most audit infractions. One of the main reasons is that more companies are outsourcing tech support and employing remote workers. Both of these groups must be granted remote access to an organization’s production environment and highly sensitive information in order to do their jobs. This access also includes machines talking to other machines in an automated fashion.

Though third-party access is necessary within the enterprise, managing this access often comes as an afterthought in the organization’s overall security strategies and postures. The 2014 U.S. State of Cybercrime Survey revealed some dangerous trends on this topic:

- 70 percent of enterprises enter into contracts with external vendors without having conducted any security checks

- Only 44 percent of enterprises put forth the effort to vet the security of third-party providers and others in their IT supply chain

Third-party and vendor contract agreements may help companies enforce better security and privacy controls, but such agreements do not relieve the organization of its own accountability and responsibility when a security breach occurs.

HIPAA/HITECH can be described as Sarbanes-Oxley (SOX-404) on steroids. Organizations may have to comply with PCI, FISMA, SOX, BASEL III or other regulations, but none of these are a match for the HIPAA/HITECH tidal wave in terms of severity. The U.S. federal government (Health and Human Services, Office for Civil Rights) is more active than ever in enforcing this law and is levying harsher fines with greater frequency for noncompliance.

Auditors are concentrating their firepower on the areas that healthcare providers have failed at most often in the past and are levying massive fines for noncompliance. Targeted areas include:

Organizations will need to be cautious about ensuring that any business or market expansion into an area covered by HIPAA is adequately compliant to avoid being hit with heavy fines.

Sarbanes-Oxley (SOX) requires public companies in the U.S., as well as foreign companies listed on U.S. exchanges, to assess their internal controls, have that assessment validated by an external auditor and report the assessment to the SEC. Information security professionals need to ensure that their organization complies with the requirements in Section 302 and Section 404 of the legislation.

Sarbanes-Oxley (SOX-404) and internal controls remain the most critical items on the financial industry compliance horizon. Financial industry compliance challenges include annual financial audit and SSAE-16 audit requirements.
