Tag Archives: Sarbanes Oxley

Cloud Computing Compliance and Industry Standards

Though cloud computing is seen as a trendy technology, it is not in any way new to the computer networking field. The truth is that telecommunication companies were the first cloud service providers, and over the past decades they established expectations for customers as well as industry standards. Fast forward to 2015 and the expectations remain unchanged; the standards of the cloud computing industry have been modelled on those of the telcos, with some additions driven by the nature of operations and the transaction types that occur in the new cloud applications.

The definition of a standard may be linked to the type of cloud computing in use: the cloud may be public, hybrid or private. The mandate around private clouds requires adherence to defined processes and well-established control frameworks. Documentation, backup controls and Service Level Agreements (SLAs), as well as infrastructure libraries for service management and business integration, must be made available. In the public cloud, there must be adherence to established frameworks as well as provision for audits under the various compliance acts.

The standards adopted may also be determined by the type of industry. The industry standard may be dictated by the country or segment of operation and the industry vertical. For instance, the health care industry is governed by HIPAA, while Sarbanes Oxley governs the financial industry in the USA and Canada. The industry itself may impose sets of requirements and regulations for access control, security, protection of data, segregation of duties and much more. SLA requirements may differ from one segment to another based on the amount of data processed, company size and the kind of data. The regulation of the country where the company (or industry and/or service provided) is located may influence the kind of standards adopted, and so will the tools and processes currently available. To refine the standards that should be implemented, you will need to consider customers and industry practices both inside and outside the company or industry at the same time.

The standards or requirements already established by vendors globally will have a huge impact on standardisation and expectations. This is always obvious where software usage and licensing is involved. Industries need to be mindful of the restrictions, as well as of the components that are not clearly defined, and to create practices that will not lead to unforeseen expenses, violations or breaches. Because the cloud is a combination of a variety of technologies, standards need to be followed strictly, along with whatever integrated compliance standards come up in that context.

In short, cloud computing service providers must always investigate the important areas for compliance and determine the minimum expectations of the regulatory authorities, clients and competitors within the industry vertical.

How Does Compliance Affect Data Protection Strategies?

An organisation that is using data archiving software should value result-oriented practices while designing its data archiving policies. No doubt, compliance plays an important role when policies are formed: it is the requirement that forces conformance to the rules and regulations. However, the rules and regulations depend on the nature of the business:

– Specification or standards — when a particular standard is adhered to, such as the Payment Card Industry (PCI) or International Organisation for Standardisation (ISO) protection standards;

– Regulatory — when the need is linked to a specific type of compliance, such as HIPAA or Sarbanes-Oxley;

– Legal — when the need is linked to specific data required for investigation purposes or e-discovery.

Financial or medical industries are regulated more specifically than, for instance, a small franchise in another service area, which only needs to follow PCI standards. However, such a franchise — or any business for that matter — must have some policies in place for legal and e-discovery purposes.

Three basic considerations must be defined in order to determine how certain data should be archived and when it should expire:

– Type of data – how important the data is for the organisation;

– Time period required for data protection – how long the data should be kept active;

– When the archived data should be deleted.

In fact, compliance is the basis of data storage. Archives contain only the few files relevant for BDR; it is pointless to archive short-term records such as drafts or logs. Once you have decided what type of data needs to be backed up, the next task is to check the required period for keeping the protected data. For instance, the IRS demands that tax-related documents be kept protected for at least 7 years.

When specific data is no longer needed, it is time to remove the archived copy. Most do not even bother to delete data, as cloud backup is cheaper and is the simpler solution for maximum data protection. Because of business continuity and compliance management, data is considered a valuable commodity. Data can be stolen to damage the reputation of a company; therefore companies keep backups of all files and documents, whether needed or not. This is one of the reasons why businesses have huge bulks of data stored in the cloud.

Though holding valuable data as backup helps during the recovery process, keeping expired data might cause many legal problems for companies. Federal regulations demand that specific types of data be retained if a company is charged with any wrongdoing. Litigation experts claim that keeping unnecessary data beyond the required date causes more problems for companies: more resources are required to sift through the data, and more data means more exposure to vulnerability. Companies must design and follow a policy for the destruction of irrelevant data to avoid legal consequences.

Current legislation that demands proper procedures and policies also requires a formal record of all data destruction and retention policies. Moreover, such policies serve as a record to the court that certain data no longer exists.

It is time to think about compliance, as no organisation wants to be charged for not following the law. When the right compliance kit and compliance management are selected, companies can avoid legal issues.
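As an added illustration that is not from the original post, the following Python sketch applies the three considerations above (data type, retention period, deletion date) together with the legal-hold and formal-record points from the preceding paragraphs to a set of records, returning a decision per record and a destruction register. Only the 7-year figure for tax records comes from the post; the other data types and periods are constructed placeholders.

```python
from dataclasses import dataclass
from datetime import date

# Retention schedule in years, keyed by data type. Only the 7-year figure for
# tax records comes from the post; the other entries are constructed
# placeholders that a real policy would replace.
RETENTION_YEARS = {"tax": 7, "contract": 6, "draft": 1}


@dataclass
class Record:
    record_id: str
    data_type: str
    created: date
    legal_hold: bool = False  # set while the record is subject to litigation


@dataclass
class Decision:
    record_id: str
    action: str  # "retain", "destroy" or "hold"
    reason: str
    decided_on: date  # the formal record the post says legislation requires


def add_years(d: date, years: int) -> date:
    """Shift a date by whole years, mapping 29 Feb to 28 Feb where needed."""
    try:
        return d.replace(year=d.year + years)
    except ValueError:
        return d.replace(year=d.year + years, day=28)


def evaluate(record: Record, today: date, policy=RETENTION_YEARS) -> Decision:
    """Answer the post's three questions for one record. A legal hold
    overrides the schedule, since data under litigation must be retained."""
    if record.legal_hold:
        return Decision(record.record_id, "hold", "legal hold in force", today)
    years = policy.get(record.data_type)
    if years is None:
        # Unclassified data is never destroyed automatically; flag it for review.
        return Decision(record.record_id, "retain", "no policy for type; classify", today)
    expiry = add_years(record.created, years)
    if today >= expiry:
        return Decision(record.record_id, "destroy", f"{years}-year retention expired {expiry}", today)
    return Decision(record.record_id, "retain", f"retain until {expiry}", today)


def run_schedule(records, today, policy=RETENTION_YEARS):
    """Evaluate every record; return (all decisions, destruction register)."""
    decisions = [evaluate(r, today, policy) for r in records]
    return decisions, [d for d in decisions if d.action == "destroy"]
```

The destruction register is the part worth keeping: it is the evidence that a given record was disposed of on schedule rather than silently lost.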

Should Healthcare Professionals and Healthcare Service Providers Use the Cloud for Storing Patient Data?

Historically, healthcare professionals and healthcare service providers stored their patients' records the old-fashioned way — on paper in brown folders. With the advent of computer technology, they had the option of storing their patients' sensitive medical information in a local computer file as well as the old-fashioned way. Today, thanks to cloud computing and data storage services, they can store their patients' data in the cloud.

If a healthcare professional chooses to store patients' data only in a program on a local computer, the data could be lost if the computer system crashes, is stolen or catches fire. If there is no paper backup, the sensitive and critical patient information could be lost forever. This is never an issue if sensitive medical data is stored in the cloud.

Storing patients' data in the cloud has many benefits for healthcare professionals, including anytime, anywhere access, scalable storage, compliance, ease of use and affordability.

For example, cloud storage is flexible, allowing the health professional to scale up or down based on the demand for storing patients' records. In the past, healthcare professionals and service providers had to constantly acquire additional storage space for their patients' records the old-fashioned way, by buying physical folders and hard drives and/or upgrading computer systems. This is inefficient and time consuming.

Cloud storage services that cater for the healthcare industry must have passed compliance requirements. HIPAA, which came into effect in 1996, stipulates that patients' data can never be lost or compromised under any circumstances. To comply with HIPAA, SEC rules, Sarbanes-Oxley and more, vendors have come up with innovative ways to secure data and fulfil compliance requirements by encrypting data and backing it up to redundant geo-locations.

In addition, cloud computing can save the healthcare professional, the healthcare service provider and the patient money by reducing the costs of maintaining IT infrastructure and software. It also saves money because capital-intensive hardware no longer needs to be purchased, and it could result in insurance premium savings as well.

The portability of having patients' records stored in the cloud means that healthcare professionals can review their patients' records wherever they are, at any time. Having information stored in the cloud also gives them peace of mind that valuable and irreplaceable patient information will never be lost.

Cloud computing can save healthcare professionals both time and money and can also help them deliver services to their patients more efficiently. It is important to take your time to evaluate any cloud storage service and perform due diligence by thoroughly testing the vendor for compliance and security before you sign up for the service.
