Double Compliance


Steve Jones
Comments posted to this topic are about the item Double Compliance

Follow me on Twitter: @way0utwest
Forum Etiquette: How to post data/code on a forum to get the best help
My Blog: www.voiceofthedba.com
Gary Varga
Rarely is any endeavour that is worthwhile without any pain. Of course, most people here (if not all) know that.

I agree that a single regulation would work. For a start, from a typical non-American viewpoint even the Editorial by a well-travelled and rounded individual such as Steve has a whiff of the insular about it. In the UK before we complied with ISO9000 there was BS5750 and there will be numerous different regulations to comply with throughout the world. This would multiply the watering down of regulations not only to be compromised between different industry sectors but also between different countries' regulatory bodies.

Targeted regulation will often mean that the appropriate regulations will only exist where it is deemed necessary. Where more than one set of regulations needs to be applied it is obviously a complex scenario and that is where separation of concerns can be applied.

We shouldn't be adding complexity where it is not necessary.

With regards to best practices being practiced or not, I have always thought that our industry needs a professional body akin to the legal or medical professions to stop bad practice. It would not have to be heavyweight as I would only want to see it stopping the very worst of practices and practitioners.

Gaz

-- Stop your grinnin' and drop your linen...they're everywhere!!!
Dave Schutz
I work for a company that is bound by HIPAA and PCI as well as several industry-specific regulations, and I'm not sure there is a one-size-fits-all set of regulations that would be possible without becoming burdensome. From a strictly data-based view, yes, data is data and must be secure, but HIPAA requires many more regulations than PCI does and I'd hate to see all the HIPAA rules imposed on PCI audits.
andrew.courneya
To echo the point that has been alluded to...
As I was reading, there was a growing concern in my mind over the consideration of a 'universal' (I would posit, 'cumbersome') standards set that could apply or be strapped across several industries in common. Rather than a generic form with a great many useful regulations or practices, we may end up with a checklist of 'do this, not this' instead - which seems to be out of scope for what the topic of 'regulation' should really entail.

Gary mentioned that regulation should embody the enabling of people who operate within best practices and governance to be allowed to continue to do what they are already doing well without substantially-increased operational burden.

Offenders, however, the worst of the worst - security and sanity threats to the user/customer base - should be stopped and corrected: 'No, you are not doing that correctly - here is an industry-standard set of evaluated, tried, tested, and proven methods for how to do it the right way going forward.'

Regulation, for whatever it's worth, should be imposed with the intention of protection and preservation, not for the purpose of elitism or any ulterior motive, should it not?
srmc
We're in the healthcare field and bound by HIPAA as well as some other regulatory rules. While they are a pain and somewhat costly to do, ultimately they are helpful in making sure we've got the right policies and practices in place. In some ways, going through the regulations limits others from competing with you given the barriers to entry.



chuckboycejr
The other thing to consider with the compliance space is that it is a profit center for auditing companies. If someone is billing high hourly rates to ensure you are compliant, they don't have much incentive to make it quick and easy. No matter how hard you try to be compliant, you will be dealing with a Ninja who wants to and will find any little reason to make the audit a demanding, exacting experience.
TravisDBA
srmc (4/8/2013)
We're in the healthcare field and bound by HIPAA as well as some other regulatory rules. While they are a pain and somewhat costly to do, ultimately they are helpful in making sure we've got the right policies and practices in place. In some ways, going through the regulations limits others from competing with you given the barriers to entry.


This type of regulation (HIPAA, SarBox, etc.) in all industries is quickly becoming a reality. The government sector particularly. You may not like it, but that doesn't mean it is not going to affect what you do in the job place in the near future, particularly in the information business. If you don't like regulation, then you are living in the wrong country during the wrong administration. Government regulation is quickly becoming much more involved in all of our lives, period. Whether we like it or not, is really irrelevant, it's coming anyway, and competition avoidance isn't the driving factor as you tend to imply. It is primarily litigation avoidance. :-D

"Technology is a weird thing. It brings you great gifts with one hand, and it stabs you in the back with the other. ...:-D"