Preparing for Sarbanes-Oxley (SOX) Section 404 requires a structured and measured approach; otherwise an organization will find itself doing "too much" or "too little". The current PCAOB rules require auditors to attest to management's assessment process. The readiness roadmap that Polar Cove clients follow therefore serves to demonstrate that assessment process through a series of steps and activities that align with the PCAOB rules and the CobiT guidelines.
Polar Cove has expertise and extensive experience in IT controls and frameworks. Our certified professionals are familiar with all aspects of COSO and CobiT. As a consulting service, Polar Cove works with top management, helping to ensure that decisions about SOX compliance meet both the needs of each company and the requirements of SOX.
The Polar Cove compliance assessment covers these and other requirements:
United States of America
- USA Government Information Security Reform Act of 2000, Section 3534(a)(1)(A)
- Health Insurance Portability and Accountability Act of 1996 (HIPAA)
- OCR HIPAA Privacy TA 164.502E.001, Business Associates [45 CFR §§ 160.103, 164.502(e), 164.514(e)]
- OCR HIPAA Privacy TA 164.514E.001, Health-Related Communications and Marketing [45 CFR §§ 164.501, 164.514(e)]
- OCR HIPAA Privacy TA 164.502B.001, Minimum Necessary [45 CFR §§ 164.502(b), 164.514(d)]
- OCR HIPAA Privacy TA 164.501.002, Payment [45 CFR 164.501]
Canada
- Provincial law of Quebec, Canada: Act Respecting the Protection of Personal Information in the Private Sector (1993)
United Kingdom
- UK Data Protection Act 1998
Australia
- Privacy Act Amendments of Australia: Act No. 119 of 1988 as amended, prepared on 2 August 2001 incorporating amendments up to Act No. 55 of 2001. The Privacy Act 1988 (Cth) (the Privacy Act) seeks to balance individual privacy with the public interest in law enforcement and the regulatory objectives of government.
- National Privacy Principle (NPP) 6 gives an individual a right of access to the information an organization holds about them.
- National Privacy Principle (NPP) 4.1 requires an organization to take reasonable steps to protect the personal information it holds from misuse and loss, and from unauthorized access, modification or disclosure.
ISO 17799-2000 (BS 7799)
Polar Cove's Compliance Audit fully complies with all of the remote auditing and testing requirements of BS 7799 (and its international equivalent, ISO 17799) for information security testing.
GAO and FISCAM
Polar Cove's Compliance Audit is fully in compliance with the control activities of the US General Accounting Office's (GAO) Federal Information System Controls Audit Manual (FISCAM) where they apply to network security.
CASPR
Polar Cove's Compliance Audit is in full compliance with the best practices and guidelines set forth, through document control and peer review, by the members of the Commonly Accepted Security Practices and Recommendations (CASPR) project; this manual fulfills the CASPR best-practices need for security testing in Internet security.
OWASP
Polar Cove's Compliance Audit is in full compliance with the remote security testing and auditing of web applications as described by the Open Web Application Security Project (OWASP).
SET
Polar Cove's Compliance Audit fully incorporates the remote auditing tests from the SET Secure Electronic Transaction™ Compliance Testing Policies and Procedures, Version 4.1, February 22, 2000.
Contact us
For any questions you may have, contact us at 1-401-454-3939. Our Polar Cove representative will answer and assist you with your specific needs.