<?xml version="1.0" encoding="UTF-8" standalone="yes" ?>
<rss version="2.0">
<channel>
  <title>ComplianceHome: ALL White Papers</title>
  <link>http://www.compliancehome.com/</link>
  <description>ComplianceHome is one of the Web's largest libraries of resources for compliance management of HIPAA, SOX, FISMA, GLBA, FDA, FFIEC, Basel II, OSHA and ISO 27002/17799. Visit our directories, which are the best source on White papers, related news articles, resources on the web, training, webinars, conferences, rules &amp; regulation overview, ask the expert, job and search on vendors, solutions &amp; products.</description>
<image>
  <url>http://www.compliancehome.com/images/rsslogo.gif</url>
  <title>ComplianceHome</title>
  <link>http://www.compliancehome.com/</link>
</image>
  <language>en-us</language>
  <item>
    <title>Protecting Your Network Against the Growing Danger of Web Attacks</title>
    <pubDate>Fri, 26 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/GLBA/abstract11536.html</link>
    <description>Web-borne malware is now more common than malware that enters an organization through email. The number of Web sites discovered per day that carry malware increased 400% in 2008. This drastic increase in infected sites can cause serious issues for your business. Organizations need to proactively protect their networks both by instituting acceptable usage policies for employee Web usage and by implementing a solution to combat these malware intrusions.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/GLBA/abstract11536.html</guid>
  </item>
  <item>
    <title>Autoscribe uses integrated SIEM &amp; Change Management to comply with PCI-DSS &amp; protect IT assets</title>
    <pubDate>Wed, 24 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11535.html</link>
    <description>Processing over $4 billion in credit card transactions annually for over 800 clients, Autoscribe faced two challenges: 1) complying with the complex and numerous requirements of the PCI standard; and 2) protecting information systems from security breaches including internal (employees with malicious intent), external (hackers) or emerging (Zero-day).</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11535.html</guid>
  </item>
  <item>
    <title>Hidden Security Danger: Network Timing: Role of accurate timing in reducing security risk</title>
    <pubDate>Wed, 24 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11534.html</link>
    <description>This paper looks at why it's important for any network to keep its devices in sync and examines the security implications - and financial ramifications - of improper network time. It also explains an approach to keeping proper time that doesn't require you to leave holes in your network defenses. Learn more today! Get the facts on how accurate synchronized time reduces network security risk. From stopping malicious activities to assuring log file accuracy to improved forensics, this white paper is based in part on the hardships of many companies that thought there was little risk in using Internet time.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11534.html</guid>
  </item>
  <item>
    <title>Enterprise Content Management Alternatives to Sharepoint</title>
    <pubDate>Wed, 24 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11533.html</link>
    <description>With the proliferation of Microsoft Sharepoint deployments, what are the alternatives in the enterprise content management space? Organizations are concerned about security, scalability, and Web 2.0 functionality that is missing in Sharepoint. Two alternatives, built with Java, are profiled.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11533.html</guid>
  </item>
  <item>
    <title>Next Generation ALM: Collaborative Software Development on Demand</title>
    <pubDate>Tue, 23 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11531.html</link>
    <description>A number of today's leading computing initiatives like SOA, compliance, code reuse, and global outsourcing share the need to assemble distributed software development teams. In this distributed environment, it has become essential for companies to set, measure, and improve their development processes and for project teams to understand and complete their tasks in view of the overall lifecycle. CollabNet TeamForge provides an integrated set of software configuration management, collaboration, and project management tools with a secure, centralized on-demand delivery model integrated to enable true collaborative development in a global business environment.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11531.html</guid>
  </item>
  <item>
    <title>Virtualization and the Payment Card Industry Data Security Standard</title>
    <pubDate>Tue, 23 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11530.html</link>
    <description>In the last several years, many organizations have invested significant resources in new technologies and processes in order to comply with PCI DSS. But as anyone knows, compliance is not a one-time initiative but rather an ongoing endeavor that requires constant vigilance and review. This is evidenced clearly with the rapid adoption of virtualization across corporate data centers. Virtualization represents a quantum shift forward in terms of productivity and return on investment, which means that most organizations postpone its adoption at their own peril. The rush to virtualize, however, must be balanced with the need to maintain control, especially within a PCI-compliant infrastructure. This paper provides a snapshot of the PCI DSS, highlights key areas of concern for organizations that have virtualized or intend to virtualize PCI-compliant infrastructure, and offers specific guidance to those organizations for establishing control and easing the audit process when virtualization is</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11530.html</guid>
  </item>
  <item>
    <title>Records Management Best Practices: Five Considerations for Colleges and Universities</title>
    <pubDate>Tue, 23 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11527.html</link>
    <description>Educational institutions often operate in a heterogeneous records environment - they need to manage both paper and electronic documents. As a result, they may enact different procedures to address FERPA, HIPAA, and other compliance initiatives. Without standardized processes, it is not uncommon for records management practices to differ between departments, campuses, and even faculty within a single institution. In some cases, long-standing paper-based procedures have not been adapted to reflect advances in technology. Obviously, colleges and universities have to address compliance mandates. And in order to process work efficiently, institutions need to be able to manage student, administrative, and back-office records. This paper offers recommendations on where to start and how to handle the creation, management, and disposition of student and administrative records.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11527.html</guid>
  </item>
  <item>
    <title>The Obama Administration's Proposal to Reform the U.S. Financial Regulatory System</title>
    <pubDate>Tue, 23 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11526.html</link>
    <description>The Obama Administration has proposed to Congress the most sweeping and fundamental regulatory reform of the U.S. financial and securities markets since the New Deal. The proposal's goals are to regulate systemic risk, enhance transparency and disclosure, delink executive compensation from excessive risk, improve investor protection, and prevent regulatory arbitrage. The Administration has set forth detailed recommendations on the regulation of hedge funds and over-the-counter derivatives, including credit default swaps, as well as draft legislation on a new resolution authority to unwind failing securities and commodities firms. The Administration also recommends major corporate governance reforms, such as shareholder advisory votes on compensation and enhanced compensation committees.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11526.html</guid>
  </item>
  <item>
    <title>The Obama Administration's Proposal to Reform the U.S. Financial Regulatory System</title>
    <pubDate>Tue, 23 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/GLBA/abstract11526.html</link>
    <description>The Obama Administration has proposed to Congress the most sweeping and fundamental regulatory reform of the U.S. financial and securities markets since the New Deal. The proposal's goals are to regulate systemic risk, enhance transparency and disclosure, delink executive compensation from excessive risk, improve investor protection, and prevent regulatory arbitrage. The Administration has set forth detailed recommendations on the regulation of hedge funds and over-the-counter derivatives, including credit default swaps, as well as draft legislation on a new resolution authority to unwind failing securities and commodities firms. The Administration also recommends major corporate governance reforms, such as shareholder advisory votes on compensation and enhanced compensation committees.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/GLBA/abstract11526.html</guid>
  </item>
  <item>
    <title>The Obama Administration's Proposal to Reform the U.S. Financial Regulatory System</title>
    <pubDate>Tue, 23 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/Basel-II/abstract11526.html</link>
    <description>The Obama Administration has proposed to Congress the most sweeping and fundamental regulatory reform of the U.S. financial and securities markets since the New Deal. The proposal's goals are to regulate systemic risk, enhance transparency and disclosure, delink executive compensation from excessive risk, improve investor protection, and prevent regulatory arbitrage. The Administration has set forth detailed recommendations on the regulation of hedge funds and over-the-counter derivatives, including credit default swaps, as well as draft legislation on a new resolution authority to unwind failing securities and commodities firms. The Administration also recommends major corporate governance reforms, such as shareholder advisory votes on compensation and enhanced compensation committees.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/Basel-II/abstract11526.html</guid>
  </item>
  <item>
    <title>Achieving PCI DSS v1.2 Compliance with Lumension</title>
    <pubDate>Thu, 18 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11525.html</link>
    <description>The Payment Card Industry Data Security Standard (PCI-DSS) is a broad set of requirements developed to foster global adoption of consistent data security measures for any organization which processes, transmits or stores card member information. This specification encompasses security management, policy, procedure, network architecture, software design and other measures to ensure the security of customer payment information.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11525.html</guid>
  </item>
  <item>
    <title>Six Ways to Reduce PCI DSS Audit Scope by Tokenizing Cardholder Data</title>
    <pubDate>Thu, 18 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11524.html</link>
    <description>Enterprises are seeking ways to simplify and reduce the scope of the Payment Card Industry's Data Security Standard (PCI DSS) compliance by shrinking the footprint where cardholder data is located throughout their organization. By reducing the scope, these enterprises can dramatically lower the cost and anxiety of PCI DSS compliance and significantly increase the chance of audit success. Compliance with the PCI DSS is a combination of documented best practices and technology solutions that protect cardholder data across the enterprise. This paper explores the use of tokenization as a best practice in improving the security of credit card transactions, while at the same time minimizing the cost and complexity of PCI DSS compliance by reducing audit scope.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11524.html</guid>
  </item>
  <item>
    <title>A Lifecycle Approach for Network Security Management</title>
    <pubDate>Thu, 18 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11523.html</link>
    <description>Protecting enterprise networks from the ever-growing list of malware, intruders, insider threats, and other risks has never been more challenging. Network security policies must be frequently monitored and updated to protect against the ever-evolving threat landscape whilst still enabling growth in scale and complexity. As a result, managing security policy change processes and effectively enforcing configuration policy compliance imposes a significant burden on enterprise IT departments. There is a growing requirement to implement an automated approach to controlling and analyzing network security changes and configuration management processes throughout their entire life cycle. This white paper discusses the challenge of enforcing and maintaining security policies in large-scale enterprise networks. It introduces the concept of network security life cycle management, which can help organizations address the need to effectively control network security configuration and change proces</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11523.html</guid>
  </item>
  <item>
    <title>HIPAA Security Rule Compliance</title>
    <pubDate>Thu, 18 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11522.html</link>
    <description>The problem of data leakage is not unique to medical environments, though due to HIPAA regulation, the consequences of not checking the threat are greater here. The Health Insurance Portability and Accountability Act, Public Law 104-191 (HIPAA), adopted in 1996, holds all American organizations which use the personal medical data of citizens responsible for assuring the confidentiality of that information. HIPAA requirements are mandatory for medical institutions, medical insurance companies, government agencies and other organizations which have access to private medical records.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11522.html</guid>
  </item>
  <item>
    <title>Meeting HIPAA Compliance with EventTracker</title>
    <pubDate>Thu, 18 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11521.html</link>
    <description>There are a number of steps a healthcare provider must undertake to meet the Technical Safeguards mandated in the Security Rules of Title II (Administrative Simplification) of the Health Insurance Portability and Accountability Act (HIPAA). HIPAA calls for tightly controlling and monitoring access to confidential patient information, and specifically calls out event logs as an important vehicle to meet compliance. This paper describes how EventTracker from Prism Microsystems, Inc. can be used as the key component for managing the collection, storage and analysis of enterprise event log data. With EventTracker, a healthcare provider can be confident they have the solution in place to help effectively meet audit requirements.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11521.html</guid>
  </item>
  <item>
    <title>Introducing the ePackage</title>
    <pubDate>Wed, 17 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11520.html</link>
    <description>A Simple, Cost-Effective Solution to Exchanging Confidential Information Over the Internet</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11520.html</guid>
  </item>
  <item>
    <title>Safari Books Online For Government: Improving IT Service Management within Government Organizations</title>
    <pubDate>Wed, 17 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11518.html</link>
    <description>ITIL Version 3 Best Practices has expanded the concept of IT service delivery from day-to-day operations of those services to the Service Lifecycle. ITIL Version 3 Best Practices includes five lifecycle phases (each with its own guidebook): Strategy, Design, Transition (which covers implementation and change), Operations and Continual Improvement. At the strategy level, Version 3 Best Practices specifically invites the business manager into the process by asking IT to base the design, maintenance and evolution of IT services on the business objectives of the organization.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11518.html</guid>
  </item>
  <item>
    <title>ITIL Version 3 Best Practices Master World-Class IT Management Techniques with ITIL Version 3</title>
    <pubDate>Wed, 17 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11517.html</link>
    <description>IT and business leaders today can no longer look at IT simply as a cost center; it is now a vital part of business success. Improving the efficiency of IT and improving the measurement of its impact on business performance are at the forefront of managers' concerns. Access to ITIL books can be instrumental in providing the methodology for IT improvement. ITIL Version 2 was influential in identifying the key processes of its time; however, those processes shaping Service Management have changed drastically. IT leaders can confirm Service Management means more than just supporting the end product; it means establishing and working through a Service Lifecycle. ITIL Version 3 Best Practices has expanded the concept of IT service delivery from day-to-day operations of those services to the Service Lifecycle. ITIL Version 3 Best Practices includes five lifecycle phases (each with its own guidebook): Strategy, Design, Transition (which covers implementation and change), Operations and Continual</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11517.html</guid>
  </item>
  <item>
    <title>Tufin Whitepaper - Firewall Operations Management for Efficient PCI-DSS Compliance and Audits</title>
    <pubDate>Wed, 17 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11516.html</link>
    <description>Establishing PCI-DSS compliance may be extremely resource intensive at first; however, it ultimately protects business-critical information and enables organizations to conduct transactions smoothly. For any large or growing organization, the many tasks involved in documenting, tracking and auditing network security procedures can take many hours a day. While these processes can be executed manually, automated firewall operations management solutions can save time and money whilst providing a truly accurate audit trail. Find out how automated Firewall Operations Management solutions can help your organization to meet the strictest PCI requirements relating to network security, data safety, access control, and accountability</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11516.html</guid>
  </item>
  <item>
    <title>Demystifying Compliance</title>
    <pubDate>Wed, 17 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11515.html</link>
    <description>Compliance is high on the IT agenda today, yet no one seems to have a clear picture of what it really involves. Inconsistent interpretation by different auditors, regulators and vendors means what worked in one year's audit could fail in the next. This whitepaper is designed to help Demystify Compliance as it relates to IT and give you some simple recipes for analyzing your own environment in the light of specific mandates.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11515.html</guid>
  </item>
  <item>
    <title>Top Ten Insider Threats and How To Prevent Them</title>
    <pubDate>Wed, 17 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11514.html</link>
    <description>This Whitepaper discusses the top ten insider activities you have to monitor to make sure your employees are not violating security policy or opening up easy routes for insider abuse. Implementing these recommendations is fast, cost effective and will help prevent costly insider hacks and data leakage from impacting your business.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11514.html</guid>
  </item>
  <item>
    <title>Solution Brief - Firewall Operations Management for Juniper Networks</title>
    <pubDate>Wed, 17 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11513.html</link>
    <description>Gain a Unified, Top-Down View of Juniper Networks Firewalls to Manage Change, Secure Risks, and Ensure Compliance. Large enterprises maintain and operate multiple firewalls spread across different time zones and business units which involves a great deal of repetitive, manual work. Security administrators have to keep track of all changes while also ensuring compliance with corporate policies and stringent regulatory requirements. Learn how Tufin's SecureTrack provides complete visibility of all firewall operations. With powerful change tracking, risk analysis and security optimization capabilities, SecureTrack enables Juniper Networks' firewall teams to increase network security and automate day-to-day tasks.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11513.html</guid>
  </item>
  <item>
    <title>Achieving Compliance with PCI DSS v1.2 with Lumension Solutions</title>
    <pubDate>Mon, 15 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11512.html</link>
    <description>PCI DSS applies to those organizations that store, transmit or process cardholder information payments; encompassing service providers, merchant acquirers, third party processors and even data storage entities. Processors represent organizations of significant transaction volume making them tantalizing targets for attack. The breaches in late 2008 and early 2009 of RBS World Pay and Heartland Payment Systems, which compromised over an estimated 100 million cardholders, exemplify the irresistible allure of transaction processors.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11512.html</guid>
  </item>
  <item>
    <title>Top Five SIM Pitfalls: Ensuring Successful Security Information Management</title>
    <pubDate>Wed, 10 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11510.html</link>
    <description>To satisfy regulatory requirements and better protect their networks, many organizations are turning to Security Information Management (SIM) tools. By collecting, correlating and reporting security events from firewalls, IDS/IPS devices, servers and other data sources across the network, SIM technology enables defense-in-depth.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11510.html</guid>
  </item>
  <item>
    <title>Achieving PCI Compliance at the Point Of Sale Using Bit9 Parity to Protect Cardholder Data</title>
    <pubDate>Wed, 10 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11509.html</link>
    <description>As the technology used by merchants and their partners has evolved, card fraud has become more sophisticated. Any business that stores or transmits cardholder account data is a potential target, and recent data indicates that 4 out of 5 cardholder breaches occur at the point of sale. In response to this evolving threat, the major credit card companies (American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International) have created a set of security standards to protect their customers from security breaches and identity theft.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11509.html</guid>
  </item>
  <item>
    <title>Achieving PCI Compliance at the Point Of Sale Using Bit9 Parity to Protect Cardholder Data</title>
    <pubDate>Wed, 10 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11509.html</link>
    <description>As the technology used by merchants and their partners has evolved, card fraud has become more sophisticated. Any business that stores or transmits cardholder account data is a potential target, and recent data indicates that 4 out of 5 cardholder breaches occur at the point of sale. In response to this evolving threat, the major credit card companies (American Express, Discover Financial Services, JCB, MasterCard Worldwide, and Visa International) have created a set of security standards to protect their customers from security breaches and identity theft.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11509.html</guid>
  </item>
  <item>
    <title>SAP Support of the Healthcare Supply Chain's Ongoing Effort to Ensure Patient Safety and Drive Business Value</title>
    <pubDate>Tue, 09 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11508.html</link>
    <description>The Center for Healthcare Supply Chain Research (formerly the HDMA Research &amp; Education Foundation) recently published an important study concerning data management and data sharing in the healthcare supply chain. EPCIS is a standard mechanism for inter-company collaboration and data sharing, which can enable healthcare trading partners to deploy solutions that not only meet the short-term mandates driven by patient safety, but also to lay the foundation for long-term business value. Furthermore, the same infrastructure that is recommended in the Blueprint for data sharing and external collaborative business processes also is applicable to many internal processes, so that companies can begin capturing value from these investments now.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11508.html</guid>
  </item>
  <item>
    <title>Governance, Risk, and Compliance For Life Sciences Companies</title>
    <pubDate>Tue, 09 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11507.html</link>
    <description>As a life sciences company, issues of governance, risk, and compliance (GRC) touch on nearly everything you do. But many organizations approach GRC in an ad hoc manner - implementing point solutions, one after another, in response to regulatory demands as they arise. This approach is inefficient and costly. It also leads to the proliferation of silos and a lack of transparency concerning compliance issues. A more effective approach is to institutionalize GRC throughout the global enterprise. This is where SAP solutions for governance, risk, and compliance can help.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11507.html</guid>
  </item>
  <item>
    <title>Comparison of SAS 70 to FISMA and NIST Security Framework</title>
    <pubDate>Thu, 04 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract11506.html</link>
    <description>This whitepaper examines the requirements of the Federal Information Security Management Act (FISMA) and associated NIST security standards that define the Federal Government information security framework. When Government uses outsourcing, managed services or contracted services (Cloud computing, SaaS, etc.) approaches for business services or technology solutions, commercial providers must meet government security standards. A common industry assessment standard used is known as the Statement of Auditing Standards (SAS) No. 70. The objective of this paper is to contrast the SAS 70 assessment method to the FISMA requirements and NIST standards to highlight the differences and gaps of which Federal government agencies must be aware and which solution providers must address.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract11506.html</guid>
  </item>
  <item>
    <title>Checklist to Assess Security in Federal Government IT Contracts</title>
    <pubDate>Thu, 04 Jun 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FISMA/abstract11505.html</link>
    <description>This whitepaper examines the security threats and information technology (IT) security requirements associated with FISMA and NIST for contracted IT services, websites, outsourced business processing and on-demand applications. When Government agencies contract for these services, agency Chief Information Officers (CIO), Chief Information Security Officers (CISO) and System Owners must ensure that Federal government information and services are adequately protected and in compliance with a series of national security policies and standards. This paper provides a checklist for system owners and security professionals to assist in reviewing current contracts and aid in planning for new acquisitions. Industry standard alternatives to the Federal government security frameworks are also presented as a means to aid in determining potential usage. Solutions are provided to enable Federal agency personnel responsible for IT, contracts, and business operations to perform these assessments, reme</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FISMA/abstract11505.html</guid>
  </item>
  <item>
    <title>Keeping It Simple: Sun's Pragmatic Approach to Identity Management</title>
    <pubDate>Sun, 31 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11504.html</link>
    <description>Identity management solutions don't have to be overly complex. This paper showcases Sun's pragmatic approach that helps businesses streamline and simplify the identity management infrastructure for continued growth. It covers Sun's portfolio of pragmatic identity solutions in detail and presents real-world examples of these solutions in action.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11504.html</guid>
  </item>
  <item>
    <title>Guide to Open Source Identity Management</title>
    <pubDate>Sun, 31 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11503.html</link>
    <description>Today's enterprise needs an identity and access management infrastructure that clearly aligns with its business strategies and leverages IT innovation to enable future growth. Sun Identity Management delivers low-cost, open-source software solutions that offer the flexibility, manageability, and cost-reducing benefits your business needs.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11503.html</guid>
  </item>
  <item>
    <title>Web Application Security: The Truth About White Box Testing vs. Black Box Testing</title>
    <pubDate>Thu, 28 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11502.html</link>
    <description>This paper explores the role of white box vs. black box testing. White box testing technologies have a definite but limited use and value. From a Web application security perspective it must be understood that significant blind spots come with white box testing. Ultimately white box testing is not sufficient to secure your applications: simply put, organizations that rely solely on white box technologies will be exposed to vulnerabilities in their applications, thus making it an ineffectual method of testing real-world risks. This paper will demonstrate black box or dynamic testing is ultimately the appropriate solution for truly securing Web applications.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11502.html</guid>
  </item>
  <item>
    <title>Ritz Camera Centers Snap 'Common Sense' Image for PCI Compliance</title>
    <pubDate>Thu, 28 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11501.html</link>
    <description>Ritz Camera Centers has strived to protect cardholder data since the early days of payment card security programs. Their consolidation into the PCI DSS helped elevate corporate visibility to threats on cardholder data. When it became critical to integrate PCI compliance efforts with Ritz's business processes, learn how they were able to deploy solid controls to identify users, authorize them to do specific things, and track everything they do with the guidance of PCI DSS.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11501.html</guid>
  </item>
  <item>
    <title>Web Application Threats Are Evolving. Are Your Security Efforts Keeping Pace?</title>
    <pubDate>Thu, 28 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11500.html</link>
    <description>Web Application Threats Are Evolving. Are Your Security Efforts Keeping Pace? Today, Web application security threats are not only becoming more abundant than ever, but also more difficult to detect, and more complex to solve. Many organizations are responding to these unique vulnerabilities with traditional network security approaches. However, sophisticated Web application threats require a more sophisticated security strategy. What's worked in the past won't necessarily work today; and what's more, Web application security requires a comprehensive solution, not simply a series of a la carte provisions. For detailed steps toward improving your Web application security strategy, download the VeriSign Enterprise Security Services white paper, Best Practices That Improve Web Application Security.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11500.html</guid>
  </item>
  <item>
    <title>Protecting Data From the Cyber Theft Pandemic</title>
    <pubDate>Thu, 28 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/GLBA/abstract11499.html</link>
    <description>Read this white paper to discover the current and emerging trends of stealth malware and protect your organization from potentially devastating data breaches. It covers new advances in network security technologies that use multi-phase heuristic and virtual machine analysis to detect and mitigate the damages that result from malware-related data thefts. Protect yourself from the Cyber Theft Pandemic!</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/GLBA/abstract11499.html</guid>
  </item>
  <item>
    <title>PCI DSS Compliance in the UNIX/Linux Datacenter Environment</title>
    <pubDate>Thu, 28 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11498.html</link>
    <description>This document explains how Symark PowerBroker supports the Payment Card Industry Data Security Standard (PCI DSS) by limiting and tracking authorization to execute commands and programs that access servers and applications storing and using proprietary cardholder data. Symark PowerBroker provides an auditable process that controls, monitors and records that access. PowerBroker establishes and enforces auditable control and process for preventing unauthorized data access. PowerBroker can be customized to tightly control authorization to meet the requirements outlined in the PCI DSS specification.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11498.html</guid>
  </item>
  <item>
    <title>From Email Bankruptcy to Business Productivity</title>
    <pubDate>Tue, 26 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11497.html</link>
    <description>Overfull email inboxes and a constant flood of unmanageable emails are facts of business life that nearly everyone faces. One is often tempted to file for email bankruptcy - click the delete inbox button and end it all. Most strategies around dealing with this email deluge relate to getting more power out of the email solution - greater storage, more intelligent spam filters, more powerful search - or better management of the email torrent - time budgeting, organization of mails etc. This whitepaper argues that we've got the problem all wrong. If email deluge is a problem, we're part of the problem. We are not using email for what it was meant for, what it was designed for. It is from this that the problem of email chaos stems, as does the problem of constant distraction and productivity-sapping email interruptions. Email is actually working against us. The objective of technology, including email, is to enhance employee productivity and information management. The answer to overburdene</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11497.html</guid>
  </item>
  <item>
    <title>Evidence-based Development: How to reduce risk, improve quality and ensure compliance</title>
    <pubDate>Tue, 26 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11496.html</link>
    <description>This paper presents Evidence-based Development (EbD), a confidence-based approach to progressive system assurance that is closely integrated with the development process. EbD draws inspiration from requirements management, from risk management, and from the claim-evidence-argument paradigm - well known in the safety engineering domain - whose ideas we extend from safety to the broader concept of system fitness-for-purpose. EbD provides an evidential backbone for assurance. It establishes assurance as a progressive activity starting from the very outset of the system lifecycle. Evidence is accumulated where confidence is most lacking, beginning with design verification in the earliest stages of development, through to design fulfillment from test results in the later stages. It caters for assurance and compliance evidence arising in many different forms from diverse sources and approaches throughout the lifecycle. As an example of its application, the paper summarizes how EbD can be appl</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11496.html</guid>
  </item>
  <item>
    <title>When Block-Level Replication Isn't Enough: Enhancing Your Investments for 100% Business Continuity</title>
    <pubDate>Tue, 26 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11494.html</link>
    <description>Many disaster recovery replication technologies focus on recovering data after a disaster or problem - i.e. physical disruptions - and are associated with downtime. With many companies focused on preventing the impact caused by service interruptions (revenue loss, service loss, etc.), existing block-level replication investments need to be augmented with logical replication technology to ensure continuous operations and reduce risk to the business.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11494.html</guid>
  </item>
  <item>
    <title>Leveraging SaaS Technology for Web Application Security</title>
    <pubDate>Tue, 26 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11493.html</link>
    <description>Information security managers and directors are faced with the enormous responsibility of keeping Web applications secure from hackers. The ever-growing number of security threats and an increasing body of governmental regulations are overwhelming information security teams. With Web applications constantly evolving, finding vulnerabilities is challenging, costly, and time-consuming. The solution is automated security assessment products that leverage stateful processing to comprehensively examine Web applications and reveal vulnerabilities in hours rather than weeks. These powerful solutions help information security teams quickly identify problems, regularly assess Web application security strength and ensure regulatory compliance. Read this white paper to learn how information security personnel can protect sensitive data without costly Web application security assessment outsourcing.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11493.html</guid>
  </item>
  <item>
    <title>Is Your IT Infrastructure Reliable, Powerful and Cost-effective?</title>
    <pubDate>Tue, 26 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/ISO-27002-(17799)/abstract11492.html</link>
    <description>This whitepaper provides an overview of the challenges midsize organizations face, and how Oracle products can help them overcome those hurdles. Read this whitepaper to learn how midsize organizations like yours can use Oracle software to improve customer relations, minimize risk, deal with change, and make the most of your existing resources.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/ISO-27002-(17799)/abstract11492.html</guid>
  </item>
  <item>
    <title>Web Application Security Trends Report Q3-Q4, 2008</title>
    <pubDate>Tue, 26 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/PCI/abstract11491.html</link>
    <description>We are beginning to see a trend of growing awareness around Web application security. The Payment Card Industry (PCI) Section 6.6 initiative is driving a lot of companies, especially e-retailers, to get compliant. However, the economic crisis, lack of awareness and understanding of the issues are holding some organizations back from moving forward with this initiative. Most of the regulations around compliance including PCI, GLBA, HIPAA, and others are not enforcing the regulations as strongly as they should. Many organizations don't want to take action unless they have been hacked or audited by one of the regulatory compliance bodies.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/PCI/abstract11491.html</guid>
  </item>
  <item>
    <title>Are Changes On The Way For Healthcare Privacy?</title>
    <pubDate>Tue, 26 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11488.html</link>
    <description>Questions on the minds of privacy officers in many healthcare and government organizations are, "Will privacy of healthcare information or HIPAA ever really be enforced?" and, "Will the new Obama administration in Washington change the course of HIPAA enforcement or attitudes towards protecting privacy of health information?"</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11488.html</guid>
  </item>
  <item>
    <title>Important Changes In HIPAA Regulations Enacted</title>
    <pubDate>Tue, 26 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/HIPAA/abstract11487.html</link>
    <description>The material in this document summarizes major enforcement changes in the HIPAA laws as a result of the stimulus bill that has been passed by Congress and has been sent to the President for his signature. The changes in the HIPAA Privacy and Security rule are significant and will have a major impact on healthcare providers as well as non-covered entities.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/HIPAA/abstract11487.html</guid>
  </item>
  <item>
    <title>Network Change and Configuration Management: Optimize Reliability, Minimize Risk and Reduce Costs</title>
    <pubDate>Thu, 21 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11485.html</link>
    <description>One of the most dramatic innovations in the infrastructure management marketplace is the rise of Network Change and Configuration Management (NCCM) as a strategic requirement. This white paper focuses on the key values that NCCM can bring to reliability, risk and cost management, as well as some of its powerful operational and lifecycle asset values.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11485.html</guid>
  </item>
  <item>
    <title>Improving IT Execution</title>
    <pubDate>Thu, 21 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11484.html</link>
    <description>This ExecBlueprint discusses ways that IT can step into this new role and, in the process, improve its ability to execute technology solutions that will most optimally drive business growth and productivity. Here, four IT leaders share the challenges and opportunities their own departments have faced, and how they (and their staffs) have addressed company technology needs by developing more systematic project management strategies during meetings with cross-functional teams where IT is viewed as a true partner - not just a service provider.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11484.html</guid>
  </item>
  <item>
    <title>Tidal's Enterprise Scheduler Provides Staples with Cost-Effective Automation and Centralization</title>
    <pubDate>Thu, 21 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/SOX/abstract11483.html</link>
    <description>Staples' information systems play a critical role in delivering on their brand promise 'that was easy.' As part of a recent strategic imperative, Staples recently embarked on a major modernization of its systems architecture and supporting processes. The goal was to ensure IT's systems could scale with the company's continued global expansion without sacrificing the quality of the brand experience. One critical target for modernization was Staples' enterprise job scheduling processes and systems. After researching the top software providers in this space, Staples selected Tidal Software to support its efforts to centralize and streamline automated batch processing.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/SOX/abstract11483.html</guid>
  </item>
  <item>
    <title>QUMAS Whitepaper Series: Streamlining and Accelerating Change Control</title>
    <pubDate>Thu, 21 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FDA/abstract11482.html</link>
    <description>In today's highly regulated life sciences environment, organizations face a myriad of regulations and regulators, affecting all aspects of the enterprise. One area coming under increased regulatory scrutiny is change control: the ability to manage deviations to established policies and procedures in a way that is efficient, timely and compliant. This paper examines why it is absolutely vital for organizations to take a comprehensive, closed-loop approach to automating change management, spanning all areas of the organization and extending throughout the product lifecycle. The key attributes of an effective solution are described including: -A single point of visibility and control for the enterprise -Flexible configuration to meet unique country, department, and site needs -Robust integration with key business and product lifecycle systems -A closed loop approach to monitoring and validating change control -Automated workflow processes that streamline the completion of change managemen</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FDA/abstract11482.html</guid>
  </item>
  <item>
    <title>Sound Document Management Lays the Groundwork for Life Sciences Regulatory Compliance</title>
    <pubDate>Thu, 21 May 2009 00:00:00 CST</pubDate>
    <link>http://www.compliancehome.com/whitepapers/FDA/abstract11481.html</link>
    <description>When publishing a dossier, life sciences companies typically struggle with efficiently compiling supporting documentation. Usually, this is the result of dealing with paper and electronic documents, legacy versions and incomplete or inaccurate data due to human error. This does not need to be the case. To prevent documentation from becoming a costly issue, companies can take steps (on the front end and throughout the entire document lifecycle) to enable a smooth submission process.</description>
    <guid isPermaLink="false">http://www.compliancehome.com/whitepapers/FDA/abstract11481.html</guid>
  </item>
</channel>
</rss>
