As far as legal requirements are concerned, employing the right
class of network is crucial. Flouting strict rules on the handling
of data can meet with dire consequences. So find out how you can
make sure your client’s ICT systems comply with regulations.
The choice of a network partner to provide connectivity for your
client must take account of many considerations. Few of these
matter more than helping meet the list of regulatory requirements
that are simply a fact of business life, regardless of the vertical
sector in which your client operates.
Whether in the financial services market, the manufacturing
industry or the public sector, your client needs ICT systems that
comply with the law. With many of these regulations dictating how
corporate data must be managed and stored, the wide area networking
element of your client infrastructure plays a central role in
ensuring your client stays on the right side of the law.
Critical technology
A reliable data network capable of handling large amounts of
traffic safely and with no impact on quality or speed is not a
luxury - it’s an imperative for every type of organisation, not
just major multinationals.
The burden placed on the data network isn’t helped by the vast
increase in volumes of corporate information.
Analyst company IDC estimates that corporate data levels are
growing globally by 57% a year. Analysts say that the data
processing requirements of the financial sector alone are
increasing by up to 70% per annum, mainly driven by legislative and
regulatory demands.
Security first
‘There are a number of standards for information management
security that require companies to look at risks and put in place
appropriate controls,’ says Ian Piper, Information Security Manager
with Virgin Media Business. ‘Exact regulatory requirements will
vary from sector to sector.’
Ian advises anyone looking for a reliable networking partner on
a client’s behalf to choose someone with ISO 27001 accreditation.
‘This demonstrates the right systems and services procedures, which
can be further enhanced in order to add value for the client,’ says
Ian. ‘You don’t just want a service provider who is trying to sell
you the cheapest piece of string. You want someone who understands
the value of data and the risks that data faces. We’re here to help
you get on top of customer requirements on regulatory issues, in
case they’re not clear.’
Regulatory pressures on networks – sector by sector
Vertical sectors, such as financial services, demand tough
levels of network security as well as ample levels of bandwidth.
Institutions like these therefore need to approach the sourcing of
critical network infrastructure with great care.
Their network must permit data to be accessed and stored with
the least delay possible, necessitating the right class of fibre
infrastructure. With sizable backbone capacity and dense fibre
coverage, an institution can ensure that performance is up to
scratch and that there’s minimal risk of data loss in the event of
a disaster. By law, the head office and corporate data centre must
be sited in separate locations, requiring resilient, high-speed
connections to link them.
Professional services practices and companies in the broadcast
and media sectors need a network that ensures safe delivery of
large amounts of rich, multimedia data. Solicitors, in particular,
are pressured to protect the security of key data, as demanded by
their professional code of conduct. Accountants also face
regulatory pressure to handle client data securely, due to their
role as auditors for major corporations.
Nor is the public sector beyond the reach of the regulator.
Local and central government bodies, health authorities, police
forces, etc., all face rules about availability of services on the
internet. ‘The public sector is distinct from others, in that it
will be looking for a connectivity partner with the ability to
offer protection of data to Impact Level 2, 3 or higher,’ says
Ian.
Any sector that regularly handles a customer’s credit card
details, such as retail, must adhere to the Payment Card Industry
Data Security Standard (PCI DSS), aimed at protecting a customer’s
card data as it moves across a network.
Laws, directives and standards
Basel II
A European law that requires improved risk management from all
companies, particularly those in the financial services and
insurance sectors.
Sarbanes-Oxley (SOX)
A US law regulating financial practice and corporate governance.
A UK business with links to the US needs to take account of SOX and
must have the network resources to cope with compliance on rules
about the handling of data.
Data Protection Act (DPA)
The much-feared and often-contravened DPA dictates the level of
protection that must be afforded corporate
data, particularly that which concerns customers. ‘Under the DPA,
all organisations have a duty to take reasonable steps to store
confidential data securely, especially if carrying out transactions
with that data over a wide area,’ says Ian. ‘We can help by looking
at the level of data they are working with to ascertain what the
risks are and then recommend a solution. We’ll work with both the
technical adviser and their customer.’
MiFID
The UK’s financial services watchdog recently introduced a
directive called ‘MiFID’, which means transactions no longer have
to pass through the London Stock Exchange. Allowing trading between
a range of widely distributed exchanges requires a low-latency
network solution.
ISO 27001
Organisations of all types are being pressured to comply with the
ISO 27001 standard, which governs information security management.
Further reading
IT magazine CIO reports on IDC’s demand that business security
‘must keep pace’ with data complexity.
http://www.cio.co.uk/news/3202156/idc-business-security-must-keep-pace-with-data-complexity/
Read more about ISO 27001 security accreditation.
http://www.27001-online.com/auditing.htm