Compliance
Global regulations and standards include:
International Financial Reporting Standards (IFRS)
ISO27001 (ISO 27001) - previously BS7799-2:2002 (BS 7799) Information Security Management System. Also global standard ISO17799 (ISO 17799)
ISO 17799 was most recently revised in June 2005 and is expected to be renamed ISO/IEC 27002 during 2007.
The 2002 version of BS 7799-2 introduced the Plan-Do-Check-Act (PDCA) cycle (Deming quality assurance model), aligning it with quality standards such as ISO 9000. BS 7799 Part 2 was adopted by ISO as ISO/IEC 27001 in November 2005.
BS7799 Part 3 was published in 2005, covering risk analysis and management. It aligns with ISO 27001.
ISO10181 (ISO 10181) Authentication and Access Control.
ISO15489 (ISO 15489) Records Management
Expected: ISO Legal Codes of Practice for the Management of Fixed Content Data
BIP0008 - Code of Practice for Legal Admissibility of Information Stored Electronically

UK regulations and standards include:
Data Protection Act 1998
Freedom of Information Act 2000 (aka FOI or FOIA)
Financial Services & Markets Act 2000
Electronic Communications Act 2000
ISO27001 (ISO 27001) - previously BS7799-2:2002 (BS 7799) Information Security Management System. Also global standard ISO17799 (ISO 17799) - see above
BS10181 (BS 10181) Authentication and Access Control. Also global standard ISO10181 (ISO 10181)
Enterprise Act 2002
Regulation of Investigatory Powers Act (RIPA) 2000 (Part III in particular giving police powers to decrypt files)
BS 25999 (BS25999) Standard for Business Continuity Management

EU regulations and standards include:
The Privacy and Electronic Communications (EC Directive) Regulations 2003 (e-Privacy Directive)
Basel II Capital Accord
Human Rights Act 1998
Electronic Signature Directive
EDI Directive
e-Commerce Directive
MoReq - Model Requirements for the Management of Electronic Records
Markets in Financial Instruments Directive (MiFID)

US regulations and standards include:
SB 1386 - California legislation, signed into law in September 2002, requires all institutions and organizations that collect certain personal information to protect it against possible "identity theft." In addition, if an incident occurs that involves the compromise of personal information, the individuals whose personal information may have been compromised must be notified, and the designated campus authority must notify the Office of the President. IS-3 subsection IV.D describes the requirements that must be met in order to be compliant with law and UC policy. Required protections and notification procedures are to be in place by July 1, 2003. (SB1386)
HIPAA - Health Insurance Portability and Accountability Act 1996
HL7 is a standard for the healthcare industry.
Sarbanes-Oxley Act aka SOX Act. Officially titled the “Public Company Accounting Reform and Investor Protection Act of 2002”, signed into law on 30 July 2002.
PATRIOT Act aka USAPA. The official title is "Uniting and Strengthening America by Providing Appropriate Tools Required to Intercept and Obstruct Terrorism (USA PATRIOT) Act of 2001."
SEC & NASDAQ regulations - SEC 17a-3, the requirement to make records, and SEC 17a-4, the requirement to keep records, are most relevant. Specific rules surrounding retention, non-rewritable storage, and ease of retrieval and viewing are highlighted by 17a-4. NASD 3010 and 3110 refer to and inherit the same requirements of 17a-3 and 17a-4 as applied to the NASD, demanding the creation of policies and retention of reviewable customer records and transaction data.
Gramm-Leach-Bliley Act aka GLB. Officially titled the “Financial Services Modernization Act of 1999”, it repealed the Glass-Steagall Act, opening up competition among banks, securities companies and insurance companies.
Federal Information Security Management Act of 2002 ("FISMA"). FISMA imposes a mandatory set of processes that must be followed for all information systems used or operated by a US Government federal agency or by a contractor or other organization on behalf of a US Government agency. These processes must follow a combination of Federal Information Processing Standards (FIPS) documents, the special publications SP-800 series issued by NIST, and other legislation pertinent to federal information systems, such as the Privacy Act of 1974 and the Health Insurance Portability and Accountability Act.

Canada - regulations and standards include:
Personal Information Protection and Electronic Documents Act (PIPEDA) 2000 - An Act to support and promote electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions and by amending the Canada Evidence Act, the Statutory Instruments Act and the Statute Revision Act.

Products

Applied Expert Systems (AES Clever range)
Network Performance/Availability (AES)
CLEVER TCP/IP
helps performance analysts, operations personnel, network system
programmers, and capacity planners effectively monitor
performance, and plan for the future. Its superior performance
monitoring makes it the ultimate choice for large IBM®-hosted
data centres undergoing wide scale SNA-TCP/IP migration over to
EE, TN3270, FTP, WebSphere, and/or other integral TCP-based
Business Services.
Network Route Performance (AES)
CLEVER eRoute expedites
enterprise-wide IP route performance management and Service Level
control, providing a systemic approach to the organization and
analysis of route and segment data. Networks are the very
foundation of your critical business services, and are of
paramount importance to revenue generation. With a multiplicity of
interconnected routers and mid-tier services, the intricacies of
such issues as route discovery, route congestion, re-routing, and
broadcasting challenge the effective management of your
enterprise.
Web Site Performance (AES)
CLEVER Web helps preserve
your corporate image and protect your revenue stream by minimizing
costly Web site outages, providing real-time performance awareness
data and historical reports for capacity planning. Your Web sites
are investments vital to the backbone of your business processes,
mandating the highest standards of quality and performance. When
your Web sites are unavailable or perform poorly during peak
hours, you lose customers, revenue, and potential repeat business.
Network Problem Diagnosis (AES)
CLEVER cTrace restores
the value of the IP component trace as an essential diagnostic
tool, making inroads into TCP/IP network problem solving by
accelerating resolution and providing an unsurpassed z/OS-based
utility for network technicians. Your business needs to manage its
TCP/IP networks and other vital IT services in accordance with
your business objectives in order to leverage the full value of
your technology investments. Those investments include your
resources dedicated to resolving network problems quickly. TCP/IP
component traces are notoriously cumbersome, time consuming, and
difficult to read.

Eurekify
Role-Based User Management from Eurekify
Sage has been developed
to provide automated discovery and management of job roles for
User Administration & Provisioning and significantly reduce
the cost of implementation of an EUA solution from leading
vendors.

Geneous Software AG
Identity Management and User Provisioning - Account Geneous
Single Sign-On Module - Account Geneous-SSO
Password Management modules - Password Geneous-Sync / Password Geneous-Reset
ACCOUNT GENEOUS: Identity Management from Geneous Software
Account Geneous enables the enterprise to provision and manage
user accounts and IDs with efficiency and enhanced security,
without the difficult and costly implementation associated with
products from other leading vendors. Includes single sign-on (SSO),
password management and workflow modules.

Pro:Atria
SFTPPlus is provided as a fully supported server and/or client for
enterprises who wish to use the security of SSH with open
standards together with additional audit and automation for
enterprise file transfers. Transfers may be made to/from
internal as well as third party external SFTP servers with NO
requirement for additional software at the server side. SFTPPlus
for servers enables both sides to have the same audit and
control - if preferred.

Proginet Corporation
Proginet™ Security Solutions - Secure Data Transfers software for the Enterprise
CyberFusion Integration Suite (CFI)™ for secure file transfer is a
complete suite for enhanced file transfer management to help ensure
compliance, security, control and integration. The CFI 'Platform Server'
(multi-platform peer-to-peer file transfer) and 'Internet Server' (e.g.
B2B secure internet file transfer) may be implemented 'stand alone' or
together to meet corporate requirements, and the optional Command Center
module can provide a central point of control and audit.
CFI Platform Server:
Secure & Managed File Transfer software in the enterprise across
LAN, WAN & the internet
offering encryption & security, reliability & guaranteed
delivery, management & automation, audit & control. Cost
saving migration from competitor products (such as XCOM, NDM,
CONNECT:Direct) is supported.
CFI Internet Server:
Secure Internet File Transfer software
enables data to be securely transferred via the internet with
an easily downloadable Java-based browser application. Ideal for
secure transfer of data between business partners. Information
security via SSL & HTTPS (HTTP/S), as well as options for
FTP/S (FTPS, SFTP, Secure FTP), ensures that data is moved
securely through the firewall & the DMZ.
CFI Command Center:
Centralised control of all data
movement: the Command Center module provides a single point of
control to manage all enterprise file transfer, inside and outside
the enterprise, and across platforms. The Command Center's Web-based
interface provides a single view of all file transfer activity,
bringing together features and functions including server
management, user profiles, alerts, status reports, and audit
logs.
Security Solutions - Password Management software for the Enterprise
SECURPASS:SYNC ®:
Password Synchronisation software across multiple
platforms & applications to enhance security & save
helpdesk costs. The same password is used for access to all
platforms & all applications using best security policies
& password changes are automatically propagated. Users may
also be quickly revoked, resumed & deleted from a single point
thus improving security.
SECURPASS:RESET ®:
Password Reset software - user self-reset of passwords
to enhance security & save help desk calls. Users can reset
their passwords without helpdesk intervention in multi or
single-platform environments. Resets are enabled via a
browser-based self-help utility.
Other Products
Security Solutions - Identity Management, EUA and provisioning solutions

SCORT
Linking legacy to eBusiness - Mainframe Integrator (SCORT)
Create Web Interfaces - Enterprise Studio (SCORT)
Generate Java Components - Data Mapper (SCORT)
SCORT is a software
company specialising in the integration of the mainframe (3270, 5250,
VT etc.) with new J2EE architectures to create SOA and web services
for the enterprise of today.