SOX and HIPAA software Requirements


Problem description

Dear Architects.

Can anyone provide me a list of SOX and HIPAA regulations turned into software requirements?

In other words, what should I look for in a software application for SOX and HIPAA compliance?

Your inputs are highly appreciated.

Thanks

Gags

Please do not forget to mark it as an answer if it is. Thanks, Gags

Solution

As far as SOX goes:

You will need to provide proof of (for a period of time) what software has been changed (changes, bugfix,...) and who did these changes (Source control solutions like Team Foundation Server can help you with this). Also: Why was the software changed? In case of bugs it might be obvious why, but in case of changes in functionality, the business case might be included in the functional analysis and serve as a proof. It also has to be clear who approves of changes and releases, who does reviews of the software.

Of a practical adjustment that is required by SOX, I'm aware of the fact that when you exchange files between systems/components, a hash-key should be generated on each side. These need to be compared to be sure the file wasn't changed during the transfer.

Some resources:

- Coping with Compliance: Sarbanes-Oxley and the IT Infrastructure: http://www.information-management.com/issues/20060201/1046573-1.html?pg=1
- Web application security and Sarbanes-Oxley compliance: http://h71028.www7.hp.com/ERC/cache/568390-0-0-0-121.html
- Sarbanes-Oxley Act section 404: A Guide for Management by Internal Controls Practitioners (PDF): www.theiia.org/download.cfm?file=31866
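
The hash comparison the answer describes for file exchanges, sketched as an added example that is not part of the original post: the sending side builds a digest manifest, the receiving side recomputes and compares, and each result becomes an audit record. SHA-256, the manifest layout, the status names and the sample files are assumptions made for illustration.

```python
import hashlib, hmac, json, os, tempfile
from datetime import datetime, timezone

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large transfers need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def build_manifest(directory):
    """Sending side: map each file name to its digest (assumes a flat directory)."""
    return {n: sha256_file(os.path.join(directory, n))
            for n in sorted(os.listdir(directory))}

def verify_transfer(manifest, directory):
    """Receiving side: recompute digests, return one audit record per file."""
    def record(name, expected, actual, status):
        return {"file": name, "expected": expected, "actual": actual,
                "status": status,
                "checked_at": datetime.now(timezone.utc).isoformat()}
    records = []
    for name, expected in manifest.items():
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            records.append(record(name, expected, None, "MISSING"))
            continue
        actual = sha256_file(path)
        ok = hmac.compare_digest(actual, expected)
        records.append(record(name, expected, actual, "OK" if ok else "MISMATCH"))
    # Files the sender never declared are reported as well.
    for name in sorted(set(os.listdir(directory)) - set(manifest)):
        extra = sha256_file(os.path.join(directory, name))
        records.append(record(name, None, extra, "UNEXPECTED"))
    return records

def demo():
    """Constructed sample: one file altered, one lost, one added in transit."""
    sent = {"ap.csv": b"id,amount\n1,100\n", "gl.csv": b"a\n", "ledger.csv": b"b\n"}
    received = {"ap.csv": b"id,amount\n1,900\n", "gl.csv": b"a\n", "extra.csv": b"x\n"}
    with tempfile.TemporaryDirectory() as src, tempfile.TemporaryDirectory() as dst:
        for folder, files in ((src, sent), (dst, received)):
            for name, data in files.items():
                with open(os.path.join(folder, name), "wb") as f:
                    f.write(data)
        results = verify_transfer(build_manifest(src), dst)
    return {r["file"]: r["status"] for r in results}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

A bare digest only proves integrity if the manifest reaches the receiver over a channel the file's handler cannot modify; otherwise sign the manifest or use a keyed MAC.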

