Compliance

Built to be Compliant
e-fort can reduce compliance issues surrounding the retention and storage of data, as the system is designed and built to be compliant in the first place – no need for customers to reinvent the wheel.

Audited design and build
Every aspect of the underlying e-fort infrastructure and supporting business processes has been audited by BDO Kendalls. In addition, data management operations are regularly audited, including an audit of restore and disaster recovery (DR) capabilities. This includes an audited complete system DR rebuild of a customer site, performed at least once every year.

Standards
e-fort has been designed and built to comply with specific international standards that govern the storage of electronic data. These include:

PCI DSS
PCI DSS stands for Payment Card Industry Data Security Standard, and is a worldwide security standard assembled by the Payment Card Industry Security Standards Council (PCI SSC). The PCI security standards are technical and operational requirements created to help organisations that process card payments prevent credit card fraud, hacking and various other security vulnerabilities and threats. The standards apply to all organisations that store, process or transmit cardholder data, with guidance for software developers and manufacturers of applications and devices used in those transactions. A company processing, storing or transmitting cardholder data must be PCI DSS compliant.

ISO 27001/27002
ISO/IEC 27001, part of the growing ISO/IEC 27000 series of standards, is an information security management system (ISMS) standard published in October 2005 by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). Its full name is "ISO/IEC 27001:2005 - Information technology -- Security techniques -- Information security management systems -- Requirements", but it is commonly known as "ISO 27001".

ISO/IEC 17799
This standard is predominantly concerned with the security of electronic information. It recommends ways to prevent loss, modification or misuse of user data in application systems, and to protect the confidentiality, authenticity and integrity of information.

AS/NZS 7799.2
This standard specifies the requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented Information Security Management System (ISMS) within the context of the organisation's overall business risk. It provides that an ISMS is designed to ensure adequate and proportionate security controls that protect information assets and give confidence to customers and other interested parties. According to Standards Australia, this can be translated into maintaining and improving competitive edge, cash flow, profitability, legal compliance and commercial image. The standard is generic, so it is possible to consider excluding particular sections. Conformity to the standard can still be maintained if the exclusions do not affect the organisation's ability, and/or responsibility, to provide information security that meets the security requirements determined by risk assessment and applicable regulatory requirements.

ISO/IEC TR 13335-1 through 4
Part 4 of this standard provides guidance on the selection of safeguards, taking into account business needs and security concerns.

Local Acts of Parliament
In addition to recognised international standards, the retention of electronic data is also bound by several local Acts of Parliament:

The Electronic Transactions Act 1999 provides a regulatory framework that facilitates the use of electronic transactions.

Section 286 of the Corporations Act 2001 establishes the need to retain financial records and specifies a minimum retention period of 7 years. In addition, financial records must be retained for this period beyond the completion of the transaction, meaning a 25-year mortgage document effectively needs to be retained for 32 years from its creation.