
Table of Contents:
Regulation Compliance
Sarbanes Oxley Act (SOX)
Gramm Leach Bliley (GLB)
HIPAA
Visa Cardholder Information Security Program (CISP)
California Privacy Notification (SB 1386)
Important Links
Compliance – How Alliance applications can help
A large number of new federal and state regulations
will affect how you present information, manage
data storage, and exchange data with your
partners. While many of these regulations require
changes in your business processes and procedures,
a number of them directly affect your AS/400
applications. In this newsletter we’ll look at
some of the new regulations and how Alliance
applications can help you meet compliance
requirements.
Sarbanes Oxley Act (SOX)
The Sarbanes Oxley Act defines corporate
responsibility and has many implications for IT
organizations. Proper management of offline data,
controls over the testing and QA processes, proper
management of computer access, security of systems
and data, and many other regulations affect how we
develop, deploy, and manage applications. Even if
your company is not publicly traded, you may find
yourself meeting these regulations due to merger
or acquisition concerns, or due to diligence on
the part of your trading partners. You can get
more information about the Sarbanes Oxley Act
here:
http://www.sec.gov/spotlight/sarbanes-oxley.htm
How we can help:
Alliance FTP Manager, Alliance XML/400, Alliance
AuthExpress, and Alliance TCP/IP all provide a
complete history of file transfer and
communications activity as well as an archival
mechanism. This helps meet the audit requirements
for IT system activity.
Alliance PGP and Alliance AES provide data security through
strong encryption technologies. Private and
sensitive information can be secured with
easy-to-use commands and APIs. The Alliance AES
option includes APIs to help you encrypt fields in
your AS/400 database files.
Gramm Leach Bliley (GLB)
The primary focus of Gramm Leach Bliley is financial
institution consumer privacy and data sharing. It
defines specific procedures for banks, insurance
companies, brokerages, and other financial
institutions to protect consumer personal
information. The recommendations include
the encryption of data stored on computer systems,
and the secure transmission of data across
networks. For more information about Gramm Leach
Bliley see:
http://www.ftc.gov/privacy/privacyinitiatives/safeguards_educ.html
How we can help:
Alliance FTP Manager with the PGP Encryption option
provides for secure transmission of files over the
Internet or internal network. It is ideal for
sending files to external trading partners as PGP
is an open standard implemented on many computer
platforms.
Alliance AES Encryption can help you distribute data and
reports using strong AES encryption. It is ideal
for transmitting reports and data to employees
using the Self-Decrypting archive option.
Alliance AES Encryption for DB2 provides key management and
APIs for encrypting fields in your AS/400 database
files. You can easily encrypt credit card numbers,
social security numbers, and other sensitive data
in your RPG and Cobol applications.
Alliance XML/400 provides secure SSL web client and server
applications for delivery of sensitive information
over the Internet. Sessions are encrypted with
128-bit SSL technology for approved security.
Health Insurance Portability and Accountability Act (HIPAA)
For companies in the health sector the HIPAA
regulations require encryption of data for
transmission over public networks like the
Internet. PGP (Pretty Good Privacy) encryption is
specifically accepted as an approved method to
secure your data. The regulations have a broad
reach and affect the storage of information,
display of information in public areas, and
transmission between health organizations.
How we can help:
Alliance PGP encryption implements the strong encryption
required by HIPAA for transmitting data between
providers, insurers, and intermediaries in the
health reporting system. Alliance FTP Manager also
implements SSL FTP for secure FTP transfer of
data.
Alliance AES Encryption can help you distribute data and
reports using strong AES encryption. It is ideal
for transmitting reports and data to employees
using the Self-Decrypting archive option.
Alliance AES Encryption provides key management and APIs
for encrypting fields in your AS/400 database
files. You can easily encrypt credit card numbers,
social security numbers, and other sensitive data
in your RPG and Cobol applications.
Visa Cardholder Information Security Program (CISP)
In order to reduce fraud and identity theft Visa has
published recommendations and rules for merchants
who accept credit and debit cards. These affect
your network implementation and data storage on
the AS/400. All cardholder information that is
sensitive, such as credit card numbers, expiration
dates, and other information, should be encrypted
in your AS/400 database files. These rules affect
many aspects of data storage and transmission over
the Internet. For more information:
http://usa.visa.com/business/merchants/cisp_index.html
How we can help:
Alliance AuthExpress is a credit card authorization
application that manages all aspects of the
authorization and settlement process, and which
protects sensitive information. There are Triple
DES APIs to help you secure any sensitive
information in your own database files.
If you settle your authorization transactions with
FTP, Alliance PGP encryption implements the strong
encryption needed to secure the data during
transfer.
Alliance FTP Manager also implements SSL FTP for secure FTP
transfer of data.
Alliance AES Encryption for DB2 provides key management and
APIs for encrypting fields in your AS/400 database
files. You can easily encrypt credit card numbers,
expiration dates, and other sensitive data in your
RPG and Cobol applications.
California Privacy Notification (SB 1386)
The California privacy notification law affects you if
you do business in California, or if you have
customers in California. The law requires that you
take specific steps to notify customers, employees
or others if there is a loss of sensitive
information, or if there is a possibility of such
a loss. The notification process can be expensive
and can lead to additional legal actions. There is
a safe harbor provision in the law that allows you
to avoid notification if sensitive data is
encrypted in your database files. For more
information:
http://info.sen.ca.gov/pub/01-02/bill/sen/sb_1351-1400/sb_1386_bill_20020926_chaptered.html
How we can help:
Alliance AES Encryption for DB2 provides key management and
APIs for encrypting fields in your AS/400 database
files. You can easily encrypt credit card numbers,
social security numbers, and other sensitive data
in your RPG and Cobol applications.
Alliance PGP encryption implements strong encryption for
transmitting data between you and your bank,
benefits provider, insurance company, payroll
service and other partners. Alliance FTP Manager
also implements SSL FTP for secure FTP transfer of
data.
Alliance AES Encryption can help you distribute data and
reports using strong AES encryption. It is ideal
for transmitting reports and data to employees
using the Self-Decrypting archive option.