RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Date: Tue, 14 Dec 2004 17:29:52 -0500
Reply-To: Peter Kurilecz <[log in to unmask]>
Subject:
From: Peter Kurilecz <[log in to unmask]>
In-Reply-To:
Content-Transfer-Encoding: 7bit
Sender: Records Management Program <[log in to unmask]>
Parts/Attachments: text/plain (27 lines)

On Tue, 14 Dec 2004 14:10:17 -0800, Michael Edwards
<medwards@digital-
> Well, most of what I could find in a quick search refers to complying with
> ISO 17799. I found some summaries in a compliance matrix here:
> http://documents.iss.net/marketsolutions/SOXISO17799Brochure.pdf

The key section in SarbOX is section 404, which talks about management
assessment of internal controls. A search of the law and the
regulations (issued by the SEC) does not specifically address IT
passwords or any passwords for that matter.

Besides ISO 17799, don't forget to point your folks towards ISO 15489,
the records management standard.

Remember that the IT password requirement is but one of the many
INTERNAL CONTROLS that should be in place to comply with SOX. Other
examples of internal controls would be:
- records retention schedule
- records destruction authorization
- file retrieval requests
- off-site records transfer documents

peterk

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
