Regulations and Frameworks
For most businesses, compliance means meeting the requirements of multiple regulations and industry standards. Spectra allows you to map compliance requirements and controls for multiple regulations and frameworks, so that you can demonstrate compliance across corporate requirements with a single map, reducing the overall time and cost for IT compliance.
By using a single compliance map, you can view implementation guidance for each framework and regulation side by side, add your own corporate guidelines to the map, and satisfy multiple regulations with a single control. Spectra lays out the details in an easy-to-use spreadsheet format, which can be filtered for a single regulation, or expanded for multiple regulations.
Supported Regulations:
SEC 40 Act. The Investment Company Act of 1940 and Investment Advisers Act of 1940 provide bedrocks for SEC regulation of investment companies. Their scope touches day-to-day operations for most companies involved in securities transactions. Spectra provides the only compliance management tool targeted at the SEC 40 Act regulations. With a focus on SEC regulatory compliance for investment companies, Spectra 40 Act provides a comprehensive tool set for financial investment institutions.
Sarbanes-Oxley (SOX) impacts every aspect of business today. SOX Section 404 directly affects IT organizations and can be complex, costly, confusing and often ambiguous. In some cases, money spent on SOX and IT compliance is completely consuming discretionary IT budgets. This shift in resources and the manual efforts required to achieve compliance are forcing IT organizations to look for a more streamlined, automated approach towards managing SOX Section 404 compliance. Spectra provides the services and capabilities needed to achieve, demonstrate and maintain IT compliance with SOX Section 404 requirements. Spectra includes the following features for SOX compliance:
The Payment Card Industry Data Security Standard (PCI DSS) has emerged as the driving, worldwide security standard for companies that process credit card information. A company processing, storing, or transmitting credit card numbers must comply with PCI DSS requirements or risk losing the ability to process credit card payments. Compliance Spectrum is a member of the PCI Security Vendor Alliance (SVA) and Spectra for PCI provides implementation guidance for PCI DSS. You can map PCI requirements to ISO standards, or use them as a set of standalone controls.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) has been substantially strengthened in the last few years. Increasing requirements for patient privacy and data security make compliance an ongoing practice. Spectra provides comprehensive guidance for HIPAA compliance, allowing you to balance the risk of compliance initiatives with IT budget constraints.
Supported Frameworks:
ISO 27002 provides a multitude of recommended areas an organization must address to ensure the security of its information. The standard touches on multiple aspects of information security. To use ISO as a basis for your security program or to meet SOX and other mandates, you must develop a comprehensive set of controls (policies and procedures) that cut across multiple functional parts of the business and IT organization. Spectra lets you map the ISO framework to one or more regulations, with associated implementation guidance.
COBIT 4.1 is an IT governance framework and supporting toolset that allows managers to bridge the gap between control requirements, technical issues and business risks. COBIT enables clear policy development and good practice for IT control throughout organizations. COBIT emphasizes regulatory compliance, helps organizations to increase the value attained from IT, enables alignment and simplifies implementation of the COBIT framework. Spectra allows you to map the COBIT framework to supported regulations with associated implementation guidance, so that you can apply COBIT security to your compliance practices.
Network Frontiers and Latham & Watkins developed the Unified Compliance Framework (UCF). UCF reduces the total number of controls required for compliance to a set of 12 “IT Impact Zones.” Compliance Spectrum provides a Spectra compliance map for the UCF framework, using the detailed guidance available with UCF. UCF is a natural fit with Spectra, taking maximum advantage of the control consolidation included in the framework.