Coviant Software

Data Protection and Compliance

Compliance Briefs

Do you want to design a file transfer process that is secure? Or one that is compliant? Of course, the answer is “both”.

Good business practice dictates data protection for you, your customers, and your business partners — including data-in-motion. But even the best security practices do not alleviate the need to comply with regulations and standards that can carry high contractual, civil, and criminal penalties. Plus, the indirect loss of faith of your customers or business partners can have an incalculable impact on your bottom line.

HIPAA/HITECH

The Health Insurance Portability and Accountability Act (HIPAA) established national standards for the security of electronic health care information with both civil and criminal penalties for non-compliance by covered entities, such as hospitals or physician practices. The HITECH Act of 2009 extended these penalties beyond covered entities to their business associates and established more rigorous enforcement policies.

PCI DSS (Payment Card Industry Data Security Standard)

PCI DSS is an assessment tool for use during compliance audits. It enhances payment account data security and helps organizations proactively protect customer account data. It was developed and is maintained by the major credit card companies and facilitates the adoption of consistent data security for credit card data. Each entity that has a relationship with a credit card company, financial institution, or their agents must provide compliance validation documentation.

SOX (Sarbanes-Oxley)

SOX mandates that all publicly-traded organizations demonstrate due diligence in the disclosure of financial information. Each organization must also implement internal controls and procedures to protect financial data from unauthorized access, including access that could occur through file transfers.

State Privacy Laws

In addition to Federal regulations, forty-six states, the District of Columbia, Puerto Rico and the Virgin Islands have enacted legislation requiring notification of security breaches involving personal information. Many of these laws impose both civil and criminal sanctions for failure to comply. The Massachusetts privacy law is one of the most stringent laws and applies to all organizations doing business with residents of Massachusetts.

Don’t Be the Victim in Your Own DIY Horror Story

I recently read a horror story that could have been written by Stephen King… if the King of Horror were an IT nerd. The story’s protagonist was a systems engineer who worked for a small managed services provider with clients in government. He was the kind of person...

Take a Walk Down Main Street: The Local Gas Station-Convenience Store

Can Energy & Retail Companies benefit from MFT Software Solutions? When you think about the energy industry, the big global brands come to mind. Multi-billion-dollar organizations like ExxonMobil, Royal Dutch Shell, and Total are known worldwide and dominate the...

Another Object Lesson in Poor Data Management

Technology lifecycle management is a security imperative. In what is yet another example of a large organization overlooking this responsibility, financial services firm Morgan Stanley was hit with a $60 million class action judgment after failing to properly manage...

Managed File Transfer Resolutions for 2022

It’s a new year and time for new beginnings. Maybe you’ve taken the time to look back over 2021 and assess your choices and have resolved to do better. And maybe one of those areas of improvement is to let go of the need to handle your file transfers manually, and...