Organizations are under more stringent obligations than ever to manage and protect their data. Meeting these requirements is a significant challenge – as is demonstrating that your organization is on the right side of compliance. Desktop Cop can simplify the regulatory labyrinth by helping you:
- Build effective security policies (NCUA, FDIC, HIPAA)
- Define device usage and encryption (SOX, HIPAA)
- Block unauthorized device connections (SOX)
- Block unencrypted data from escaping (GLBA, HIPAA)
- Protect credit card data (PCI)
- Detect and log violations (ALL)
- Protect remote laptops (ALL)

Some specific regulatory acts addressed are:
- SOX: organizations must be able to demonstrate effective policies, processes and controls over: the types of device that can be used; who can use what types of device; who should own the devices; what types of information can and cannot be stored on devices; what form of enforcement is in place to manage device use.
- GLBA: financial institutions are required to: ensure the security and confidentiality of customer information; protect against any anticipated threats or hazards to the security or integrity of such information; protect against unauthorized access to or use of customer information that could result in substantial harm or inconvenience to any customer or member; and describe how they will protect the confidentiality and security of your information.
- NCUA Rules and Regulations §748.0 requires each federally-insured credit union to develop a written security program that must strive to ensure the security and confidentiality of member records, protect against anticipated threats or hazards to the security or integrity of such records, and protect against unauthorized access to or use of such records that could result in substantial harm or serious inconvenience to a member.
- FDIC regulations require that banks develop and follow a security program that protects customer data against unauthorized access or publication.
- HIPAA establishes a range of obligations for any organization handling medical records. The regulation is designed to ensure the privacy and security of this vitally sensitive information. HIPAA demands that all IT devices capable of storing medical records be proactively managed by the organization, to prevent the possible misuse of such information.
- PCI Data Security Standards apply to all members, merchants, and service providers that handle, transmit, store or process credit card information.
