Compliance by Design: IT Controls that Work by Chong Ee

CHAPTER 2: DATA

Line in the sand

“You can’t be serious! That ball was on the line. Chalk flew up. It was clearly in!”

Remember John McEnroe’s infamous outburst in his Wimbledon match against Tom Gullikson in 1981? When it comes to articulating data in the context of controls, we have grown just as accustomed to unequivocal stances:

•  Data with no financial reporting impact is not in scope

•  Servers processing credit card transactions are secured on a separate network segment

•  Dedicated databases house patient health information.

Lines are drawn, sharp and swift, to contain scope: what the data is, where it is located and which regulation applies (see Table 1).

| Data | Regulation/Standard | Industry |
|---|---|---|
| Patient | HIPAA, HITECH | Healthcare ... |
