
ComplianceHome: SOX Resources
ComplianceHome is one of the Web's largest libraries of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, COOP & COG, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories, which are the best source on white papers, related news articles, resources on the web, training, webinars, conferences, rules & regulation overview, ask the expert, job and search on vendors, solutions & products.
- FSA Signals Tougher Vetting Requirements for Approved Persons Warns Pre-Employment Screening Company Powerchex
The Financial Services Authority (FSA) has today published a consultation paper (CP) that clarifies the FSA's expectations of those within firms who perform significant influence functions. The CP proposes several significant amendments to the FSA handbook. In a move reminiscent of the Sarbanes-Oxley legislation in the US, the FSA vows to pursue cases against individuals who breach the FSA's Principles and the Code of Practice for Approved Persons. "The FSA has made a strategic decision to investigate more individuals," says Alexandra Kelly, MD of City pre-employment screening company Powerchex. "They (the FSA) believe that this increased scrutiny will discourage questionable individuals from applying for significant management roles within the industry."
- Obama Keen to Regulate Finance
President-elect Barack Obama said Thursday that remaking the nation's financial regulatory system will be one of his first initiatives, and he pledged to streamline authority, consolidate agencies and spread financial oversight far beyond the banking system. New regulations are likely to fall on financial institutions currently seeking federal assistance that are either lightly regulated or not regulated at all, Obama aides said. Mortgage brokers are under particular scrutiny, as are hedge funds and private-equity firms. Mr. Obama, who introduced his financial-regulatory team Thursday, hinted at consolidating the hodgepodge of financial regulators, including the Securities and Exchange Commission and the Commodity Futures Trading Commission. One focus will be revamping the system so that financial firms can no longer shop around for regulatory agencies that offer the lightest possible touch, an Obama aide said.
- Discover, Monitor, and Protect Your Confidential Information
Speaking at this year's FSI Executive Summit in Las Vegas, Steve Roop, Senior Director of Data Loss Prevention at Symantec, got his audience's attention right off the bat when he asked, "Did you know that 96% of data leaks are accidental?" Roop went on to say that whereas securing the network from hackers was the #1 data security priority as recently as a few years ago, today the real threat stems from faulty business processes and employee oversight. "That's why an estimated 215 million records have been breached just since 2005, and no one is immune," he said. Citing Symantec estimates, Roop said that one out of every 50 network files is wrongly exposed, one out of every 400 emails contains confidential information, and that four out of five companies have lost data on laptops.
- MailMarshal Exchange aids HR professionals by enforcing security policies on all email traffic
Marshal8e6 has launched its internal email filtering solution for Microsoft Exchange 2003 and 2007. MailMarshal Exchange inspects the content of all email traffic passing through a company's Microsoft Exchange Server to stop inappropriate content, malware and confidential information circulating internally. Industry regulations including the Data Protection Act, Securities and Exchange Commission (SEC), Health Insurance Portability and Accountability Act (HIPAA) and Sarbanes-Oxley Act (SOX) include requirements for controlling the distribution of information. This corporate governance includes the management of email communication between employees.
- Repeal Sarbanes-Oxley--Lock, Stock And Barrel
The Sarbanes-Oxley Act (SOX) was the most important political response to the collapse of Enron and several other large corporations early in this decade. My own evaluation of this act is much like that by my colleague Alan Reynolds, who described SOX as
- Asset Managers to Face New Regulatory Challenges in 2009
Financial industry analysts are anticipating a wave of new regulations to come out of this financial crisis, but with any luck, mutual funds will escape a direct hit.
- IT systems analytics become more crucial as cloud and SaaS adoption raises complexity bar
Software-as-a-service (SaaS) and cloud computing are changing the nature of IT systems performance requirements and heightening expectations for end users from online applications and services. Increasingly, an extended level of visibility, management, and performance will apply to those serving up applications as services, regardless of their hosting origins or models. The more the apps and services fulfill a need, the more the users will expect even better results and performance.
- DataPoint: SAS 70 Type II Certified
Baltimore-based managed service provider DataPoint has announced its Tide Point colocation facility has achieved Statement on Auditing Standards Number 70 Type II certification, reassuring its business customers throughout the Mid-Atlantic region. Conducted over the last few months by CBIZ MHM (www.cbiz.com) and Mayer Hoffman McCann P.C. (www.mhm-pc.com), the audit confirms that DataPoint meets the certification's exacting standards, according to its Thursday announcement.
- North Carolina Community Bank Selects Compliance Training From Edcomm Banker's Academy
A North Carolina Community Bank has selected Focus on Compliance from Edcomm Banker's Academy. Along with Learning Link, Edcomm Banker's Academy's own LMS, the course will provide comprehensive banking compliance training for the entire organization. Focus on Compliance, from Edcomm Banker's Academy, provides all the compliance training needed for every employee at a Bank, Credit Union or Money Services Business (MSB). The program instructs employees about the procedures and policies vital to the banking industry and prepares them for a future in the financial marketplace.
- Just For The (Medical) Record
This week has seen a number of announcements from the electronic medical record sector. eClinicalWorks says that RiverStone Health, which operates the largest Federally Qualified Health Center (FQHC) in Montana and serves residents in the Yellowstone valley area, has chosen eClinicalWorks unified electronic medical records (EMR) and practice management (PM) solution to streamline practice operations between four FQHCs employing 69 healthcare providers. In addition to the RiverStone Health clinic sites, the organization is hosting the eClinicalWorks system for three additional FQHCs in Montana: the Butte Community Health Center in Butte; Partnership Health Center in Missoula; and Cooperative Health Center in Helena. Providers will also have access to eClinicalWorks Enterprise Business Optimizer (eBO), Patient Portal and e-prescribing.
- Enforcing regulatory compliance standards with NAC
NAC is often used as one tool for enforcing regulatory compliance standards and then proving that the standards were met. Vendors including Cisco, ConSentry, ForeScout, Mirage, StillSecure and others tout this compliance application of NAC in their marketing literature to attract customers. It's a legitimate use of the technology. Of course, customers have to be careful not to read into this that employing NAC means compliance with all of Sarbanes-Oxley or HIPAA or PCI requirements; it doesn't. It means they meet narrowly focused pieces of the regulations.
- How to Maximize Your IT Security Budget
Sophisticated cyber criminals have followed businesses into the online world; they now can steal everything from intellectual property to credit cards en masse. And that's just the start! Add social security numbers, addresses, and other personally identifying information to the list and you can essentially reconstruct and hijack entire identities. What's worse is that cybercriminals benefit from anonymity: They can compromise entire databases of sensitive information and leave only a masked IP address behind as a trail, and that trail often ends in a foreign country where both jurisdiction and law enforcement are limited.
- Wisconsin Community Bank Selects Compliance and Security Training