Miscellaneous

Abstract: As email has become more critical in the business world, many companies are weighing the question of how long it should be retained, what should be done with it, and when it should be deleted. The answer depends on many issues, particularly when one considers the varying regulations and business situations that might demand emails to be archived for long periods of time. This white paper examines the reality of records retention and email archiving, focusing on the process of developing an effective retention policy and automating solutions to enforce rules and satisfy retention obligations. Contoural will also recommend best practices for email retention and real world examples.

pdf Six Critical Steps to Managing Electronically Stored Information (part 1)

Abstract: Litigation always, has been, and will continue to be, a reality of doing business. What is changing, however, is discovery and its focus on electronically stored information (often abbreviated ESI). Recent amendments to the Federal Rules of Civil Procedure concerning the discovery of ESI coupled with the explosive growth of electronically stored documents are exposing organizations to new risks and costs during litigation and
the subsequent discovery.

pdf Six Critical Steps to Managing Electronically Stored Information (Part 2)

Abstract: Once an organization has become litigation ready by creating an ESI survey data map, implementing a records retention and deletion process, and establishing a litigation hold process, additional steps can be taken to further prepare for legal actions. A regular process must be implemented to clean up unnecessary accumulated electronic documents, document custodians must be prepared to act as witnesses in court, and processes must be regularly revisited and updated. Although no process will perfectly prepare an organization for litigation, implementing these key elements will go a long way toward reducing risks and lowering costs of future litigation.

pdf 10 Best Practices for Archiving

Abstract: Although data privacy and identity theft have a higher profile in the minds of consumers, data retention issues can have a far greater financial impact on businesses. Every company, whether public or private, large or small, must have a policy and enforcement system to deal with the messages and files generated by the organization every day. E-mail has become especially important, since it has become the dominant form of business communication. Data retention policies generally exist to allow companies to comply with regulations or address legal entanglements. But although most companies understand the need for such a policy, few have reliably implemented it: Osterman Research shows that although 43% of surveyed companies had a policy for e-mail retention, only 12% automated compliance with an archiving solution. The rest presumably rely on backup systems and end-user habits to protect e-mail, neither of which is a reliable option. Legal experts tell us that having a policy that is not enforced causes greater harm during litigation than having no policy all.

pdf Ten Essential Elements of a Successful Electronic Records Retention and Destruction Program

Abstract: Organizations today are finding themselves under increasing pressure, both legal and regulatory, to properly retain or delete documents. While policies and procedures for paper records may seem adequate, many companies find it difficult to translate those policies and requirements to electronically stored information (ESI) such as e-mail messages and electronic document files. This white paper outlines 10 key elements that must be put into place - and kept up-to-date - as foundations of a successful electronic records retention and destruction program:

default Securing the MS Cloud

Attached is a white paper released by Microsoft discussing its Information Security management System and its alignment with ISO 27001.As you may all know eFortresses was the firm that was called in to build the ISMS for the GFS (Global Foundation Services) that was eventually certified to ISO 27001.This white paper clearly spells out the direction Microsoft is going and the importance of ISO 27001 in the industry. It is also a great business case that you can use in your organizations if you have not already made that decision or if you are still reviewing your options in regards to securing your environment. If you are already implementing ISO 27001, this is another data point that shows you are going in the right direction.

pdf Whitepaper - 27K Shared Assessment

Outake: This document is intended to assist members of the Financial Institution Shared Assessments Program and others in using the Agreed Upon Procedures and understanding how they relate to industry regulations, as well as to deepen their understanding of the program. This document is provided by BITS, The Santa Fe Group and BSI "as is" and any express or implied warranties are disclaimed.

ISO/IEC 27001: The future of infosec certification

Abstract: ISO/IEC certification allows organizations to build an effective Information Security Programme that addresses current and future regulatory compliance requirements in a sustainable and cost-effective fashion. To access the full document click on the link above.

Combining Information Technology Standards to Strengthen Network Security

Abstract: The recent wave of high-profile security breaches has indicated to a number of corporations that they need to have a Statement on Auditing Standards (SAS) No. 70 audit and/or an International Organization for Standardization (ISO) certification to strengthen network security.

pdf Aline's Enterprise Risk Management (ERM) Solution
Aline's ERM Solution enables the construction of self-sustaining and self-paced Risk Management Programs, right-sized to your corprate needs, bandwidth,urgency and budgets. It employs a modular approach to allow your program to be built in phases and reach the proper level of maturity.

pdf MSC Software Corporation

When the Director of Internal Audit was hired, he immediately knew he needed a tool to help him standardize and consolidate all of the data needed for Sarbanes-Oxley and Internal Audit. He also wanted a solution that was extendable to a comprehensive GRC solution, as the company moved toward Performance Improvement and IT Strategy initiatives.

pdf Reliant Pharmaceuticals
Reliant Pharmaceuticals was preparing for a pending IPO to occur during the fall of 2007. With such a significant event underway, Internal Control over Financial Reporting (ICFR)
was top of mind for the company's management team, Board of Directors, and the Internal Audit department.

pdf Complete Production Services, Inc
Complete Production had been outsourcing their SOX compliance work to a local team of consultants. The consultants had set up Complete Production's original testing strategy and was about to perform all of the agreed upon testing. There were over 600 controls and vast amounts of Word, and Excel documents residing in eight locations throughout the country,so the task was formidable at best.

pdf Five Ways to Reduce Your Audit Tax Taxes are certainly not fun, but there is something worse: an audit. Combine the two in a risk and compliance scenario and you have the onerous "audit tax," a figurative term used to describe the expenses a company incurs when deploying resources and manpower to satisfy the burgeoning set of internal and external compliance and audit mandates. The good news is that there are ways to reduce the audit tax burden. This whitepaper outlines five methods organizations should consider to streamline their compliance efforts and thereby reduce their audit tax.

pdf IT GRC: Managing Risk, Improving Visibility, and Reducing Operating Costs For all organizations with current or planned initiatives in the area of IT governance, risk management, and compliance (IT GRC), this report describes the policy, planning, process, and organizational elements of successful implementations. Companies with top results position themselves to make better-informed business decisions, in the context of the organization's requirements for compliance and also their appetite for risk.

pdf Achieving PCI DSS v1.2 Compliance with Lumension Lumension's portfolio of operational endpoint security solutions addresses these PCI DSS compliance challenges by delivering data protection, full cycle vulnerability management including compliance reporting as well as innovative endpoint protection.

pdf Achieving HIPAA Security Rule Compliance with Lumension Healthcare organizations face a host of HIPAA Security Rule compliance challenges with the move to put patient medical records online.Lumension helps organizations address these compliance challenges by providing the proactive risk management and the required audit readiness to meet many aspects of the HIPAA Security Rule.

pdf Achieving NERC Cyber Security Standards Compliance with Lumension The North American Electric Reliability Corporation(NERC) is a non-profit corporation chartered to ensure that the bulk electric system in North America is reliable, adequate and secure. Lumension addresses NERC compliance challenges and ensures audit-readiness by delivering end-to-end vulnerability management, endpoint protection and data protection solutions.

pdf Massachusetts Data Protection Law By January 1, 2010, all organizations with operations and/or customers in the state of Massachusetts will be required to follow comprehensive information security requirements regarding both paper and electronic records containing personal information. These requirements include enforcing password security, encrypting all personal information stored on laptops and removable devices and ensuring up-to-date firewall protection, operating system patches and the latest versions of security agent software. Read this whitepaper to learn how your organization can meet the necessary requirements and improve its security practices.