
Evolving IT Framework Standards (Compliance and IT)


Presentation Transcript


  1. Evolving IT Framework Standards (Compliance and IT)

  2. Sarbanes-Oxley
  • The United States has clear legislation for compliance in Information Technology.
  • It is called ‘Sarbanes-Oxley’ and here is the basis of that law…

  3. Regulatory and Standards Compliance: Sarbanes-Oxley
  • The Sarbanes-Oxley Act of 2002 establishes new standards for corporate boards and audit committees
  • Section 404: Management Assessment of Internal Control
  • Sarbanes-Oxley compliance is based on effective and efficient business processes, including the IT environment, enabled by properly designed and implemented technology and executed by competent people
  • “Electronic paper trails” are necessary to ensure compliance
  • From an IT perspective, the key to compliance is the documentation, monitoring, and management of the compliance control architecture

  4. Regulatory and Standards Compliance: 21 CFR Part 11
  • 21 CFR Part 11 - Electronic Records and Electronic Signatures
  • The FDA specified its requirements for accepting electronic records in lieu of paper records
  • Requires IT to design and qualify networks and the associated infrastructure and to operate them in a compliant manner

  5. Regulatory and Standards Compliance: ISO 17799 and BS7799 > ISO 27000 series
  • ISO/IEC 17799 “Information Technology – Code of Practice for Information Security Management” offers guidelines and voluntary directions for information security management.
  • BS7799-2:2002 “Information Security Management – Specification with Guidance for Use” is a standard specification for Information Security Management Systems (ISMS)
  • An ISMS is the means by which senior management monitors and controls their security, minimizing residual business risk and ensuring that security continues to fulfill corporate, customer and legal requirements. It forms part of an organization’s internal control system.

  6. Regulatory and Standards Compliance: ISO 17799 > ISO 27000 Series
  132 controls under 11 sections. Major headings:
  • Security policy
  • Organization of information security
  • Asset management
  • Human resources security
  • Physical and environmental security
  • Communications and operations management
  • Access control
  • Information systems acquisition, development and maintenance
  • Information security incident management
  • Business continuity management
  • Compliance

  7. Regulatory and Standards Compliance: ISO 17799 => ISO 27000 Series
  Section 5: Physical and Environmental Security (Objectives)
  • To reduce risks of human error, theft, fraud or misuse of facilities
  • To ensure that users are aware of information security threats and concerns and are equipped to support the corporate security policy in the course of their normal work
  • To minimize the damage from security incidents and malfunctions and learn from such incidents

  8. Regulatory and Standards Compliance: ISO 17799 => ISO 27000 Series
  Section 6: Computer & Network Management (Objectives)
  • To ensure the correct and secure operation of information processing facilities
  • To minimize the risk of systems failures
  • To protect the integrity of software and information
  • To maintain the integrity and availability of information processing and communication
  • To ensure the safeguarding of information in networks and the protection of the supporting infrastructure
  • To prevent damage to assets and interruptions to business activities

  9. Regulatory and Standards Compliance: ISO 17799 > ISO 27000 Series
  Section 9: Business Continuity and Disaster Recovery Planning (Objectives)
  • To counteract interruptions to business activities and interruptions to critical business processes from the effects of major failures or disasters
