SOX and HIPAA software requirements

  • Question

  • Dear Architects.

    Can anyone provide me with a list of SOX and HIPAA regulations turned into software requirements?

    In other words, what should I look for in a software application for SOX and HIPAA compliance?

    Your inputs are highly appreciated.

    Thanks

    Gags

    Please do not forget to mark it as an answer if it is. Thanks, Gags
    Tuesday, July 20, 2010 11:29 AM

All replies

  • As far as SOX goes:

    You will need to provide proof (for a period of time) of what software has been changed (changes, bug fixes, ...) and who made these changes (source control solutions like Team Foundation Server can help you with this). Also: why was the software changed? In the case of bugs it might be obvious why, but in the case of changes in functionality, the business case might be included in the functional analysis and serve as proof. It also has to be clear who approves changes and releases, and who reviews the software.

    As for a practical adjustment that is required by SOX, I'm aware of the fact that when you exchange files between systems/components, a hash key should be generated on each side. These need to be compared to be sure the file wasn't changed during the transfer.

    Some resources:

    - Coping with Compliance: Sarbanes-Oxley and the IT Infrastructure: http://www.information-management.com/issues/20060201/1046573-1.html?pg=1
    - Web application security and Sarbanes-Oxley compliance
    http://h71028.www7.hp.com/ERC/cache/568390-0-0-0-121.html
    - Sarbanes-Oxley Act section 404: A Guide for Management by Internal Controls Practitioners (PDF)
    www.theiia.org/download.cfm?file=31866 


    Dimitri C. - Please mark the replies as answers if they help! Thanks.
    • Proposed as answer by Dimitri C Wednesday, October 12, 2011 7:13 AM
    Tuesday, July 20, 2010 11:59 AM
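The hash-on-each-side check described in the reply above, as an added example that is not part of the original thread and not code from any of the posters. It is constructed here in Python: the sending side computes a SHA-256 digest before the file leaves, the receiving side recomputes it and compares, and a simulated bit flip in transit is caught. The example goes one step further than the reply: it also shows the caveat a practitioner should know, namely that a plain hash only detects accidental corruption. An attacker who controls the transfer channel can rewrite the file and recompute the hash to match, so when the digest travels with the file a keyed HMAC (or a signature) is needed; the demo shows the plain hash being fooled and the HMAC holding up. The sample export line, the shared key and all function names are constructed for the demo.

```python
"""Added example (not from the original post): verifying a file exchanged
between two systems by hashing on both sides, plus the keyed variant.
All sample data, the key and the function names below are constructed."""
import hashlib
import hmac
from typing import NamedTuple


class Transfer(NamedTuple):
    payload: bytes   # file contents as received
    digest: str      # hex digest shipped alongside (plain hash or HMAC)


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def hmac_sha256_hex(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


# --- plain hash, as described in the reply ---------------------------------
def sender_hash(payload: bytes) -> Transfer:
    """Sending side: hash the file before it leaves the system."""
    return Transfer(payload, sha256_hex(payload))


def receiver_verify_hash(t: Transfer) -> bool:
    """Receiving side: recompute and compare (constant-time compare)."""
    return hmac.compare_digest(sha256_hex(t.payload), t.digest)


# --- keyed variant: key is shared out-of-band, never sent with the file ----
def sender_mac(key: bytes, payload: bytes) -> Transfer:
    return Transfer(payload, hmac_sha256_hex(key, payload))


def receiver_verify_mac(key: bytes, t: Transfer) -> bool:
    return hmac.compare_digest(hmac_sha256_hex(key, t.payload), t.digest)


# --- constructed failure modes ---------------------------------------------
def corrupt_in_transit(t: Transfer) -> Transfer:
    """Accidental corruption: one bit flips, the digest is left untouched."""
    tampered = bytearray(t.payload)
    tampered[0] ^= 0x01
    return Transfer(bytes(tampered), t.digest)


def attacker_rewrites(t: Transfer) -> Transfer:
    """Active attacker on the channel: changes the amount and recomputes the
    plain SHA-256 so that a hash-only check still passes."""
    fake = t.payload.replace(b"1000.00", b"9999.00")
    return Transfer(fake, sha256_hex(fake))


SAMPLE = b"GL-EXPORT,2010-07-20,acct=4010,amount=1000.00\n"  # constructed
KEY = b"constructed-demo-key-replace-in-production"          # constructed


def demo() -> dict:
    """Run every combination and return which checks pass (True) or fail."""
    return {
        "hash_clean": receiver_verify_hash(sender_hash(SAMPLE)),
        "hash_corrupted": receiver_verify_hash(corrupt_in_transit(sender_hash(SAMPLE))),
        # plain hash is fooled: attacker recomputed it to match the forged file
        "hash_attacker": receiver_verify_hash(attacker_rewrites(sender_hash(SAMPLE))),
        "mac_clean": receiver_verify_mac(KEY, sender_mac(KEY, SAMPLE)),
        "mac_corrupted": receiver_verify_mac(KEY, corrupt_in_transit(sender_mac(KEY, SAMPLE))),
        # HMAC holds: attacker has no key, so the recomputed digest cannot match
        "mac_attacker": receiver_verify_mac(KEY, attacker_rewrites(sender_mac(KEY, SAMPLE))),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:16s} {'PASS' if ok else 'FAIL'}")
```

Two design points worth noting. `hmac.compare_digest` is used for both comparisons so that the check does not leak timing information about how many leading hex characters matched. And the digest for the plain-hash case is only meaningful if it reaches the receiver over a channel the attacker cannot also write to (for instance, logged on the sending side and reconciled later); if it rides along with the file, use the HMAC form with a key shared out-of-band between the two systems.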