I have regulatory requirements for retention. Can savvisdirect help?

There are a number of regulatory requirements governing data and file storage.  See how Laptop, PC and Mobile Backup from savvisdirect measures up:


Quick Reference Guide to regulatory requirements

Regulation | Compliance | Covered? (Yes / N/A)

  1. HIPAA (Health Insurance Portability and Accountability Act)
  2. EU Annex 11
  3. The Gramm-Leach-Bliley Act
  4. PCI DSS
  5. CA Assembly

  • Make data backups
  • Establish access controls based on job responsibilities
  • Log successful access attempts to mission-critical resources
  • Limit unsuccessful user ID login attempts after consecutive unsuccessful tries
  • Require authentication
  • Enable system events (logging)
  • Encrypt information
  • Keep data physically and electronically secure from unauthorized access (implement security tools to prevent malicious attacks or detect intrusions, restrict Internet access to DMZ)

  6. Sarbanes-Oxley Act

  • Establish access controls based on job responsibilities
  • Log successful access attempts to mission-critical resources
  • Require authentication
  • Enable system events (logging)
  • Keep data physically and electronically secure from unauthorized access (implement security tools to prevent malicious attacks or detect intrusions)
  • Data retention: 7 years retention for audit reports and related materials
  • Encrypt information

  7. EU Data Protection Directive (EUDPD)

  • Make data backups
  • Establish access controls based on job responsibilities
  • Require authentication
  • Enable system events (logging)
  • Encrypt personal information

  8. Canada’s Personal Information Protection & Electronic Data Act (PIPEDA)

  • Make data backups
  • Establish access controls based on job responsibilities
  • Require authentication
  • Enable system events (logging)
  • Encrypt information

  9. Basel II Capital Accord

  • Make data backups
  • Archiving, retrieval and restoration capabilities should be in place
  • Long-term data retention (3-7 years of data history)
  • Enable system events (logging)

  10. MA 201 CMR 17

  • Data Encryption

  11. Health Information Technology for Economic and Clinical Health Act (HITECH)

  • Data destruction
  • Data Encryption

  12. Federal Information Management Act (FISMA)

  • Categorize the information to be protected
  • Select minimum baseline controls
  • Refine controls using a risk assessment procedure
  • Document the controls in the system security plan
  • Implement security controls in appropriate information systems
  • Assess the effectiveness of the security controls once they have been implemented
  • Determine agency level risk to the mission or business case
  • Authorize the information system for processing
  • Monitor the security controls on a continuous basis

  13. Expedited Funds Availability Act (EFA)
  14. Federal Energy Regulatory Commission (FERC)
  15. Financial Industry Regulatory Authority (FINRA)

  • Business Continuity
  • Disaster Recovery Plan

  16. Securities and Exchange Commission (SEC) 17a-3, 17a-4

  • Make data backups
  • Data encryption
  • Data retention
