CHAPTER 2: DATA

Line in the sand

“You can’t be serious! That ball was on the line. Chalk flew up. It was clearly in!”

Remember John McEnroe’s infamous outburst in his Wimbledon match against Tom Gullikson in 1981? When it comes to articulating data in the context of controls, we have grown just as accustomed to unequivocal stances:

•  Data with no financial reporting impact is not in scope.

•  Servers processing credit card transactions are secured on a separate network segment.

•  Dedicated databases house patient health information.

Lines are drawn, sharp and swift, to contain scope: what the data is, where it is located and which regulation applies (See Table 1).

Table 1. Data, applicable regulation/standard and industry

Data       Regulation/Standard   Industry
Patient    HIPAA, HITECH         Healthcare
...
