Chad Bartosh, IT director at North Dakota Credit Union League--a statewide association of credit unions--says the small firm has limited resources and is working to identify a vendor that will help it meet Federal Financial Institutions Examination Council (FFIEC) rules and other regulations.
"We're trying to get everything done through one shop so we don't have to work with multiple vendors," he says.
While businesses wrestle with regulations like Sarbanes-Oxley, the Edmonton Police Service has other rules it must follow. "We're in the same boat, really," Clissold says.
In order to access federal police systems, the service must use two-factor authentication and has deployed RSA SecurID to meet that requirement. Also, the service must meet the standards of the Commission on Accreditation for Law Enforcement Agencies.
Some regulations, such as HIPAA, aren't particularly challenging because they're just common sense, says Andy Sutton, network services manager at Texas Health Resources, a nonprofit healthcare system with about 25,000 users.
"Most of [the requirements] are things that a good organization would be doing any way, such as protection of information and preventing unauthorized access to information," he says.
Moreover, vendors are building in accommodations for HIPAA requirements for authorized access to patient information and logging access to that data, he says.
