CHAPTER 2: DATA
Line in the sand
“You can’t be serious! That ball was on the line. Chalk flew up. It was clearly in”!
Remember John McEnroe’s infamous outburst in his Wimbledon match against Tom Gullickson in 1981? When it comes to articulating data in the context of controls, we have grown just as accustomed with unequivocal stances:
• Data with no financial reporting impact is not in scope
• Servers processing credit card transactions are secured on a separate network segment
• Dedicated databases house patient health information.
Lines are drawn, sharp and swift, to contain scope: what the data is, where it is located and which regulation applies (See Table 1).
Data |
Regulation/Standard |
Industry |
Patient |
HIPAA, HITECH |
Healthcare ... |
Get Compliance by Design: IT Controls that Work now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
