What Every IT Person Should Know About SOX and HIPAA
Both the Sarbanes-Oxley Act of 2002 (SOX) and the Health Insurance Portability and Accountability Act of 1996 (HIPAA), whose final Security Rule followed in 2003, require your IT department to put controls in place to comply with these regulations. These regulations sparked renewed interest in control frameworks such as COBIT and ITIL, which have been addressing control issues for years.
SOX requires CEOs and CFOs to certify the quarterly and annual reports their companies file with the Securities and Exchange Commission (Section 302). Management must accept responsibility for the effectiveness of its internal controls over financial reporting, evaluate that effectiveness against suitable control criteria, and support the evaluation with sufficient evidence (Section 404). In addition, the company's external auditors are required to verify and attest to these controls.
Since the accuracy and timeliness of financial reporting depend on a well-planned and well-controlled IT environment, IT organizations must not only provide control documentation (manuals, flowcharts, memoranda, etc.), but also evidence that those controls operate effectively. This white paper provides insight into passing your SOX audits.
The final HIPAA Security Rule was published in 2003. It complements the Privacy Rule and lays out three types of security safeguards required for compliance:
Request a copy of this free white paper to distribute to members of your IT department.
See https://www.givainc.com/white-papers/index.htm to access the white paper.