  • SOX

    SOX Compliance Act

    The Sarbanes–Oxley Act of 2002 was enacted on July 30, 2002. It is also known as the 'Public Company Accounting Reform and Investor Protection Act' and the 'Corporate and Auditing Accountability and Responsibility Act'. It is commonly known as Sarbanes–Oxley, Sarbox or SOX. SOX is a United States federal law which set new or enhanced standards for all U.S. public company boards, management and public accounting firms. It is named after its sponsors, U.S. Senator Paul Sarbanes and U.S. Representative Michael G. Oxley.

    Need for SOX compliance

    It is essential for every organisation to report its internal audit structure to the Securities and Exchange Commission (SEC). The accounting scandals committed by organisations were the major cause for the development of SOX. It improves the reliability of financial reporting and increases public awareness of the importance of audits. The act significantly raises criminal penalties for fraudulent behaviour, for destroying, altering or fabricating records, and for any attempt to defraud shareholders.

    IT & SOX compliance

    It is the duty of IT to appoint authorized people to conduct all financial transactions and data entry, and all transactions must be tracked in ways that support comprehensive auditing. To meet these and other business requirements, IT executives must ensure that the identity and access management (IAM) solutions at their enterprises deliver adequate levels of demonstrable, transparent compliance. Proper auditing must be done in IT organizations. The IT auditor has to assure internal control, quality, security and privacy of information.


  • ITIL

    What is ITIL?

    The Information Technology Infrastructure Library (ITIL) v3 was released in June 2007. The ITIL methodology was introduced in the 1980s by the United Kingdom's Central Computer and Telecommunications Agency (CCTA) because it realized that a more systematic approach to managing the IT infrastructure was required. ITIL provides guidance to improve the quality of IT services. It describes the "Best Practices" of IT service management.

    Need for ITIL

    ITIL describes the following major entities, processes, and disciplines within two categories, namely Service Support and Service Delivery:

    Service Desk

    • Incident Management
    • Problem Management
    • Configuration Management
    • Change Management
    • Release Management

    Service Delivery

    • Service Level Management
    • IT Financial Management
    • Capacity Management
    • IT Service Continuity
    • Availability Management

    Some of the outcomes of following ITIL are increased customer satisfaction, increased profits, better time management, more time for innovation, and decreased risk due to proper decision making.

    Role of ITIL in Information Technology

    The major entities such as incident management, problem management, service level management, availability management etc. were described by ITIL. It also gives considerable attention to IT security management. According to ITIL, an IT organisation can benchmark against other organisations to measure its standard, which in turn increases its performance. To meet ITIL requirements, IT organisations must audit themselves or appoint trained personnel to perform regular audits. ITIL adoption will ensure improvement in quality and gains. It also helps to know what is actually happening in an organization. ITIL examines the processes involved in identifying, managing, resolving, and reporting in order to cope with the inevitable changes in the network.


  • HIPAA

    What is HIPAA?

    The Standards for Privacy of Individually Identifiable Health Information (Privacy Rule) established a set of standards to protect health information. The U.S. Department of Health and Human Services (HHS) issued the Privacy Rule to implement the requirements of the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). HIPAA provides guidelines for organisations to implement secure handling of protected health information.

    Need for HIPAA

    The main aim of HIPAA is to protect an individual's health information during its transmission by a covered entity or its business associate, in any form, whether electronic, paper or oral. The Privacy Rule calls this information Protected Health Information (PHI). If a system handles billing as well as client tracking, then it must support HIPAA standards. Apart from this, automation, secure transactions and privacy are expected to result in administrative efficiency.


    E-billing is facing serious threats due to hackers. HIPAA applies to any organization that transmits any electronic billing information such as invoices, or information needed to look up insurance information to any health insurance company, including Medicare or Medicaid. This means that HIPAA typically regulates organizations providing counseling, therapy or other services that need to bill insurance companies.

    HIPAA in Risk Management

    The 2009 American Recovery and Reinvestment Act (ARRA) includes a section called the Health Information Technology for Economic and Clinical Health (HITECH) Act. The HITECH Act adopts "electronic health records" (EHRs) to improve efficiency and lower healthcare costs. Because of the resulting increase in privacy and security risks, the HITECH Act introduced new security and privacy related requirements for business associates under HIPAA.


    The fines for non-compliance with the HIPAA privacy rule have increased significantly with the introduction of the HITECH Act. An organization can now be fined up to $1,500,000 per calendar year for each violation.

    HIPAA in IT

    The security standards apply to the protection of electronically stored or transmitted information from corruption by viruses, theft by hackers, or the sending of PHI over unsecured channels. The security standards are not intended to address how paper information is stored. They mandate safeguards for the physical storage, maintenance, protection of, and access to individual health information.


    Access to equipment containing useful information should be carefully controlled and monitored. Permission to access hardware and software must be limited to authorized individuals. Access controls must consist of security plans, maintenance records, and visitor sign-in and escorts. Workstations should be removed from high traffic areas and monitor screens should not be in direct view of the public. If the covered entities utilize contractors or agents, they too must be fully trained on their physical access responsibilities. Automated security updates are another feature that could be used to help limit the scope of security threats.

    How to follow HIPAA?

    IT organisations must follow the HIPAA guidelines below in order to protect health information from unauthorised use:

    • Implement technical policies and procedures for electronic information systems that maintain electronic protected health information to allow access only to those persons or software programs that have been granted access rights.
    • Implement hardware, software, and procedural mechanisms that record and examine activity in information systems that contain or use electronic protected health information.
    • Implement policies and procedures to protect electronic protected health information from improper alteration or destruction.
    • Implement procedures to verify that a person or entity seeking access to electronic protected health information is the authorised one.