Compliance

Family Educational Rights and Privacy Act (FERPA) Compliance Quick Fact

The Family Educational Rights and Privacy Act (FERPA) was enacted in 1974 to protect student education records. It pertains to any school, K-12 or higher education, public or private, that receives funds under any program from the U.S. Department of Education.

Many public and private U.S. schools fall under FERPA, and IT staff who work for these institutions must understand FERPA's provisions to ensure compliance.

Number 3: Use "Directory Information" carefully - FERPA established a class of information called "Directory Information"—information about a student that can be shared without that student's consent. According to regulations, directory information includes information "contained

Download Free Storage Security Policy Documents

Safely retaining and securing data is an important aspect of an effective security strategy. Business demands, increased user requirements, and even compliance concerns (e.g., Sarbanes-Oxley) have created a need for a comprehensive Storage Security Policy.

This policy's purpose is to preserve the organization's critical data from damage, disaster, and misuse, as well as to ensure fulfillment of compliance requirements, ensure privacy, optimize storage space, reduce the cost of data retention, and ensure that outdated records are properly destroyed. The download includes a policy you can customize to meet your needs, as well as a risk assessment spreadsheet you can use to judge how much your organization is at risk by not having this policy in place.


Download Free PCI DSS version 1.1 Specification and Supporting Documents

The PCI DSS version 1.1, a set of comprehensive requirements for enhancing payment account data security, was developed by the founding payment brands of the PCI Security Standards Council, including American Express, Discover Financial Services, JCB International, MasterCard Worldwide and Visa Inc. International, to help facilitate the broad adoption of consistent data security measures on a global basis.


The core of the PCI DSS is a group of principles and accompanying requirements, around which the specific elements of the DSS are organized:

Download 1980 OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data

The 1980 Organization for Economic Cooperation and Development (OECD) Guidelines focus on the following areas:
1. Data collection limitations
2. The quality of data
3. Specifications of the purpose for data collection
4. Limitations of data use
5. Participation by the individual on whom the data is being collected
6. Accountability of the data controller

The OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, adopted on 23 September 1980, continue to represent international consensus on general guidance concerning the collection and management of personal information. By setting out core principles, the guidelines play a major role in assisting governments, business and consumer representatives in their efforts to protect privacy and personal data, and in obviating unnecessary restrictions to transborder data flows, both on and off line. The reflection of twenty-one years of expertise and experience shared among representatives of OECD governments, business and industry, and civil society, this publication contains the instruments that serve as the foundation for privacy protection at the global level: the 1980 OECD Privacy Guidelines, the 1985 Declaration on Transborder Data Flows and the 1998 Ministerial Declaration on the Protection of Privacy on Global Networks.


Download Free Sentinel 2.2.1 Advanced file integrity checker for PCI DSS

Advanced file integrity checker that integrates seamlessly with your anti-virus/trojan application(s). Sentinel audits your system folder (as well as up to 20 other folders) for the slightest file changes and/or additions. If any files fail the integrity check, your anti-virus/trojan program will be notified. Sentinel has been critically acclaimed worldwide for its ease of use and tact as a file integrity checker. Sentinel has been deployed in both the enterprise and government sectors to ensure system compliance and security.

Establishing and monitoring known system or component baselines is becoming standard across enterprises looking to manage their IT assets intelligently. File Integrity Monitoring helps organizations verify and maintain SOX 404 controls as well as satisfy the requirements outlined in the PCI DSS. Version 2.2.1 adds support for more antivirus products.


Download Mipsis Occupational Safety and Health 2 for OSHA Compliance

Using Occupational Safety and Health Software (OSHA), you can standardize your risk management methodology across multiple sites and departments, allowing real-time visualization of the risk landscape within your business. Mipsis Occupational Safety and Health Software (OSHA) is a workplace safety management system covering: Employee Register, Examination Records, Prescription and Test Records, Disease and Medication Library, Accident Incident Records, Personal Protective Equipment, Job Descriptions, Job Hazards Analysis, Risk Management,

Digital Electronics Signature Laws and Regulations around the world

This section gives a brief overview of the efforts around the world to implement PKI and the relevant laws that help bolster its use. Please refer to other sources, including ones listed in this appendix, for further details. Many of these laws change rapidly through amendments and reactions to changes in technology. It is important to note that many of these laws have not been extensively tested in contested digital signature cases, as they are still relatively new. Expect that in two to three years, after wider use, these laws will be challenged in transactions that will further shape digital signature law.

Australia
November 25, 2000: Approved electronic signature bill law with action to take place from July 2001. Gatekeeper model set up and designed to guide development of PKI infrastructure. Australian Customs has developed a system called the Cargo Management Re-Engineering Project (CMR). CMR was designed to leverage PKI for improving Customs paperwork for import and export of goods.
