Can you recommend what kind of IT compliance we need (i.e. PCI, SOX, HCCA, ISO 27002, etc.)?
We, in the IT department, are focused on making a world-class IT service provider. With this, we thought of adhering to globally known IT industry standards such as PCI, SOX, HCCA, ISO 27002, etc. Being a banking software development company, what can you recommend?
We thought of PCI, but we're not dealing with credit cards. Also with HCCA (Health Care Compliance Association), but we're with software dev't for banking and not for health care.
- Favorite Answer (10 years ago)
I would personally use SOX or ISO; this is due to easier encryption for you. If you are the IT department then you should realise this.
I have over 12 years' experience with PCs/laptops and software design.
If you would like free assistance, please don't hesitate to contact me on here.
Here is a little bit of info on SOX:
MasterControl SOX provides a complete and robust solution that ensures sustained compliance. Here are some of its powerful features:
Dynamic Organizers - MasterControl's Organizer, similar to Windows Explorer, is an easy-to-use and dynamic tool for grouping and correlating financial statements with the appropriate business processes, controls, and tests.
- Automatically assigns document and form links for easy finding and viewing of documents.
- Allows users to organize and view information by business process and/or financial statement.
- Automatically retrieves and fills virtual folders within Organizers based on pre-defined queries.
- Can be archived to ensure that previous disclosures can be viewed intact.
- Documents can be rearranged in different Organizers for future compliance work without changing the documents themselves.
Risk-Control-Test Form - MasterControl provides a preconfigured form that documents and collects data pertaining to the most important elements of SOX compliance: risks for different business processes that could potentially affect financial statements; internal controls to minimize such risks; and continuous testing of controls to ensure their effectiveness.
- Links every risk with its control and test through pre-built workflows. It incorporates escalation to ensure that the test is completed.
- Testing can be automatically scheduled to ensure that it's never overlooked.
- MasterControl's powerful analytics and reporting tool analyzes RCT data and produces a myriad of reports, including the ability to immediately identify any failed controls.
- MasterControl offers the option to trigger corrective action once a failure is identified to foster continuous improvement of the SOX environment.
Risk-Control-Test Assessment Tool - This innovative tool reduces the time and effort needed in establishing new SOX cycles.
- Allows importation of RCT data from current disclosures en masse. Each RCT form is automatically configured, eliminating errors in manual/individual transfer of information from every form.
- Configures scheduled tasks for all tests.
- RCT data can be similarly exported in bulk to prepare for subsequent compliance work.
Analytics and Reporting Tool - MasterControl's advanced reporting capabilities include the following customizable reports with online charting:
- Risks by business process or financial statement
- Significant control report, significant risk report
- Test summary by control
- Non-effective control report
- Test failure/exception report
Sustained Compliance: The MasterControl SOX solution is designed not only to help you attain compliance - but to sustain it year after year - by simplifying your SOX environment, fostering efficiency, and keeping compliance costs down. MasterControl provides not only high-quality software solutions, but also comprehensive product training and technical support. More importantly, with MasterControl, you are not just buying a software solution. You are choosing a partner that is committed to your success and will support your compliance efforts over the long haul.