Regulations and IT Compliance Requirements
How CoreVault Addresses Compliance Requirements
Quick Reference Guide
The table below lists the regulatory mandates CoreVault addresses and, for each, the specific compliance requirements it covers.
| Regulation | Compliance Requirement | Addressed by CoreVault: Yes | Addressed by CoreVault: N/A |
|---|---|---|---|
| 1 - HIPAA (Health Insurance Portability and Accountability Act); 2 - EU Annex 11; 3 - The Gramm-Leach-Bliley Act; 4 - PCI DSS; 5 - CA Assembly Bill No. 1950 | a) Make data backups | √ | |
| | b) Establish access controls based on job responsibilities | √ | |
| | c) Log successful access attempts to mission-critical resources | √ | |
| | d) Limit unsuccessful user ID login attempts after consecutive unsuccessful tries | √ | |
| | e) Require authentication | √ | |
| | f) Enable system events (logging) | √ | |
| | g) Encrypt information | √ | |
| | h) Keep data physically and electronically secure from unauthorized access (implement security tools to prevent malicious attacks or detect intrusions, restrict Internet access to the DMZ) | √ | |
| 6 - Sarbanes-Oxley Act | a) Establish access controls based on job responsibilities | √ | |
| | b) Log successful access attempts to mission-critical resources | √ | |
| | c) Require authentication | √ | |
| | d) Enable system events (logging) | √ | |
| | e) Keep data physically and electronically secure from unauthorized access (implement security tools to detect intrusions) | √ | |
| | f) Data retention: 7 years retention for audit reports and related materials | √ | |
| | g) Encrypt information | √ | |
| 7 - EU Data Protection Directive (EUDPD) | a) Make data backups | √ | |
| | b) Establish access controls based on job responsibilities | √ | |
| | c) Require authentication | √ | |
| | d) Enable system events (logging) | √ | |
| | e) Encrypt personal information | √ | |
| 8 - Basel II Capital Accord | a) Make data backups | √ | |
| | b) Archiving, retrieval and restoration capabilities should be in place | √ | |
| | c) Long-term data retention (3-7 years of data history) | √ | |
| 9 - MA 201 CMR 17 | a) Data encryption | √ | |
| 10 - Canada's Personal Information Protection & Electronic Documents Act (PIPEDA) | a) Make data backups | √ | |
| | b) Establish access controls based on job responsibilities | √ | |
| | c) Require authentication | √ | |
| | d) Enable system events (logging) | √ | |
| | e) Encrypt personal information | √ | |
| 11 - Health Information Technology for Economic and Clinical Health Act (HITECH) | a) Data destruction | √ | |
| | b) Data encryption | √ | |
| 12 - Federal Information Security Management Act (FISMA) | a) Categorize the information to be protected | √ | |
| | b) Select minimum baseline controls | √ | |
| | c) Refine controls using a risk assessment procedure | √ | |
| | d) Document the controls in the system security plan | √ | |
| | e) Implement security controls in the appropriate information systems | √ | |
| | f) Assess the effectiveness of the security controls once they have been implemented | √ | |
| | g) Determine agency-level risk to the mission or business case | √ | |
| | h) Authorize the information system for processing | √ | |
| | i) Monitor the security controls on a continuous basis | √ | |
| 13 - Expedited Funds Availability Act (EFA); 14 - Federal Energy Regulatory Commission (FERC); 15 - Financial Industry Regulatory Authority (FINRA) | a) Business continuity | √ | |
| | b) Disaster recovery plan | √ | |
| 16 - Securities and Exchange Commission (SEC) 17-a 3,4 | a) Make data backups | √ | |
| | b) Data encryption | √ | |
| | c) Data retention | √ | |
