14 free Disaster Recovery Plan (DRP) templates
Preparing a Disaster Recovery Plan for your company? Here is a recommended list of free Disaster Recovery Plan templates that could suit your needs at no cost.
1. Disaster Recovery Plan
Publisher: TechRepublic
TechRepublic provides a free 23-page DRP template; it can be adapted to your own scenario by replacing client1, client2 in the document. Complete enough for a small or medium-sized company.
2. Disaster Recovery Plan
Publisher: IBM
IBM provides a free template for your Disaster Recovery Plan. Although the design of the DRP is based on the IBM iSeries, most of the template could be used for any type of application. The objective of a disaster recovery plan is to ensure that you can respond to a disaster or other emergency that affects information systems and minimize the effect on the operation of the business.
3. Business Resumption Plan
Publisher: Disaster Recovery Journal
DRJ provides a complete series of DRP documents, from a Development Guide, Recovery Team and Plan Development Checklist to a Business Recovery Plan. DRJ also acts as a complete reference for A-Z disaster recovery matters.
4. Contingency Planning Guide for Information Technology Systems
Publisher: National Institute of Standards and Technology
NIST also provides various documents and templates for information security matters.
Six control objectives of PCI DSS
Payment Card Industry Data Security Standard (PCI DSS) is a set of standards for any company that stores, processes, or transmits cardholder data, from VISA and MasterCard to American Express. Here are the six control objectives of PCI DSS, much simpler than the 34 control objectives of COBIT.
1. Build and Maintain a Secure Network
Requirement 1: Install and maintain a firewall configuration to protect cardholder data
Requirement 2: Do not use vendor-supplied defaults for system passwords and other security parameters
2. Protect Cardholder Data
Requirement 3: Protect stored cardholder data
Requirement 4: Encrypt transmission of cardholder data across open, public networks
4 Challenges and Solutions for Public Key Infrastructure
Public Key Infrastructure is widely used in every part of business right now. However, PKI is still facing a lot of challenges. Here are the challenges and solutions for Public Key Infrastructure management.
Challenges
1. Not all applications are already PKI-enabled or PKI-aware. Given that PKI is an underlying infrastructure, non-integration with various applications makes it more difficult to deploy.
2. PKI is based on the authentication, or trust, of the digital credential. The amount of effort for authentication can be significant for higher levels of trust.
3. Generally, consulting or specific skill sets are required for most major PKI implementations (whether they are outsourced or done in-house). Not all applications or PKIs are seamless and user-friendly due to poor integration with other applications.
4. The return on investment (ROI) for a PKI alone is zero given that it is an infrastructure and not a direct end-user application. The ROI must be based on the applications built on top of PKI. This is dependent on the points made previously.
Five basic considerations before implementing a security solution for HIPAA
Implementing a security solution for HIPAA is a very challenging scenario. Listed below are five basic considerations before implementing a security solution for HIPAA.
1. Costs, which must be kept low on a per-user basis. IT is considered a support function and not necessarily a method of generating more revenue in the healthcare space.
2. Deployment method and costs. Given that there are many parties involved in a typical healthcare transaction (patient, doctor, nurse, administrator, HMO, hospital) having an easy-to-deploy system is essential. Frequent upgrades or replacements would become significantly expensive because most healthcare workers are so frequently mobile.
3. Compatibility with legacy systems. For example, many hospitals still use Novell as their primary network operating system and management tool. Yet in the corporate world, Novell is considered a very small segment of the market. As a result, solutions must take into account that backward compatibility must be maintained.
USA Patriot Act, eDiscovery or HIPAA, which first?
Tired of Sarbanes-Oxley? There is still another regulatory compliance matter to prepare for: the USA Patriot Act, eDiscovery or HIPAA. So what are the differences? Any experience with these compliance matters? This short explanation from SOX IT Compliance (Christian B. Lahti and Roderick Peterson, 2007) may help you.
USA Patriot Act of 2001
This act mainly eased restrictions and increased the ability of law enforcement agencies to search telephone and e-mail communications and medical, financial, and other records. The act also expanded the authority of law enforcement agencies to intercept wire, oral, and electronic communications relating to computer fraud and abuse offenses. Simply put, not only can law enforcement agencies intercept the stated information, they can also require that it be provided.
eDiscovery of 2006
How to pass a HIPAA security compliance audit
HIPAA (Health Insurance Portability and Accountability Act) standards for the security of electronic health information have been effective since 21 April 2005. The Security Rule complements the Privacy Rule. While the Privacy Rule pertains to all Protected Health Information (PHI), including paper and electronic, the Security Rule deals specifically with Electronic Protected Health Information (EPHI).
It lays out three types of security safeguards required for compliance:
- Administrative,
- Physical, and
- Technical.
Here are simple steps to comply with a HIPAA audit.
Seven Most Important Industry Standards for the Banking Industry
The financial industry, especially the banking industry, is one of the most IT-dependent industries and needs a lot of standardization for data communication and reporting. Listed below are the seven most important standards in the banking industry.
1. UNIFI
UNIFI is the ISO 20022 UNIversal Financial Industry message scheme. It describes a model-driven process for defining electronic finance messages and provides a repository where messages defined according to the process can be registered. Most if not all of the standards bodies in the finance industry are using or planning to use the UNIFI process to define standards.
2. TC68
TC68 is a technical committee within the International Organization for Standardization (ISO) focusing on standardization in the field of banking, securities and other financial services. WG4 focuses on the development of ISO 20022, which defines UNIFI, the UNIversal Financial Industry message scheme.
3. Industry Value Network (IVN) For Banks
In 2005, SAP was approached by a number of banks to discuss the challenges of interoperability, particularly with respect to front office business processes, where internally developed applications dominate many large banking operations. An initial working group was created by SAP and a number of banks, service and technology partners that included ABN Amro, Credit Suisse, Deutsche Postbank, ING, Standard Bank and many others. The working group was challenged with defining a standard approach to enterprise Service Oriented Architecture (SOA) for banking business processes. Specifically, the goal was to define services in the emerging banking application landscape such that internally developed software and commercial-off-the-shelf software could both be leveraged by banks to deliver maximum flexibility at the lowest possible cost.
4. SWIFT
SWIFT is a co-operative established by and for the financial industry that provides secure, standardized messaging services and interface software to over 8,100 financial institutions in 208 countries and territories. SWIFT members include banks, broker-dealers and investment managers. While it is a private organization, in many ways, SWIFT is the acknowledged leader in international standards-setting for the financial industry.
ISO 20022 and the role of XBRL in unifying financial communication
ISO 20022 - UNIversal Financial Industry Message scheme (UNIFI) is the international standard that defines the ISO platform for the development of financial message standards. Its business modelling approach allows users and developers to represent financial business processes and underlying transactions in a formal but syntax-independent notation. These business transaction models are the “real” business standards. They can be converted into physical messages in the desired syntax. At the time UNIFI was developed, XML (eXtensible Mark-up Language) was already the preferred syntax for e-communication. Therefore, the first edition of UNIFI proposes a standardized XML-based syntax for messages. The standard was developed within the Technical Committee TC68 – Financial Services of ISO - the International Organization for Standardization.
Its users are mostly financial institutions that want to streamline their communication infrastructure and associated costs by opting for a single, common "language" for all financial communications, whatever the business domain, the communication network and the counterparty (other financial institutions, clients, suppliers and market infrastructures). UNIFI is targeted at standards initiatives that are generally driven by communities of users looking for more cost-effective, XML-based communications to support specific financial business processes, with a particular view to facilitating interoperability with other existing protocols (e.g., MDDL, FIXML, RIXML, XBRL, FpML, IFX, TWIST, SWIFT, RosettaNet, OAGi, ACORD, ISTH, OMG).
Here is a simple comparison of each standard:
| Financial XML Standards | Scope |
|---|---|
| MDDL (Market Data Definition Language) | Market data, reference data and corporate actions |
| FIXml (Financial Information eXchange protocol markup language) | The pre-trade, trade and post-trade processes |
| FpML (Financial products Markup Language) | Derivatives trading |
| TWIST (Treasury Workstation Integration Standards Team) | FX and money markets |
| RIXML (Research Information eXchange Markup Language) | Company research |
| SWIFT Standards XML | The settlement process |
| NewsML (News Markup Language) | Market announcements |
| XBRL (eXtensible Business Reporting Language) | Corporate business reporting |
ISO 24762 IT Disaster Recovery, new ISO standard released
The new ISO/IEC 24762:2008 provides guidance on:
- Implementing, operating, monitoring and maintaining the facilities and services necessary for disaster recovery.
- Fallback and recovery support for the organization’s ICT systems.
- The capabilities which outsourced ICT disaster recovery service providers should possess and the practices they should follow, so as to provide basic secure operating environments and facilitate the organizations' recovery efforts.
- The selection of a recovery site (e.g. considering factors such as environmental stability, good infrastructure, etc.), and
- Requirements for ICT DR service providers to continuously improve their ICT DR services.
Do accountants and auditors need XBRL for financial reporting standards?
XBRL (eXtensible Business Reporting Language) is an XML derivative for business reporting purposes, comparable to Chemical Markup Language (CML), an XML derivative in the field of chemistry, or other XML derivatives. The XML trend is supposed to change the way data is communicated in the financial statement reporting environment by making interconnection between applications easier. Imagine the situation when one subsidiary company wants to send its financial report to global headquarters, and the IS auditor has to perform account mapping, which is really time consuming.
XBRL is supposed to change the way auditors check financial statements. But the problems vary; since it is quite new, most countries have decided not to form a consortium to standardize the standard. This standardization should be the first priority, and after that the implementation in each application will also take a long time.
In my opinion, we need XBRL when this situation happens:
1. Working with multiple ERP systems
One of the biggest problems when auditing a large company with global subsidiaries is checking the consolidated accounts. Imagine that each subsidiary has its own accounting system: the US-based subsidiary has SAP, the UK branch has JD Edwards, and the India-based plant has a locally developed ERP. So how could the consolidated accounts be checked effectively if we don't have a common language, in this case XBRL?