INFORMATION FOR COMPLIANCE DIRECTORS


 

These are the main considerations for Compliance Directors when starting a Desktop Virtualisation project.

 

 

KEY TOPICS

 

Information Security

Data Protection

PCI DSS

CRC

Redundancy

Disaster Recovery 

 

 


INFORMATION SECURITY

 

How do you get back information that has been stolen or published without your consent?

 

The recent WikiLeaks exposure shows how easily a quarter of a million documents could be stolen and published without the Pentagon noticing until after the announcements were made.

 

Most criminals or disgruntled employees would not advertise the theft of sensitive information and the first thing you would know about it would be after a serious breach had already occurred, or the information had already been disclosed (or as is increasingly common, sold to a competitor).

 

DATA PROTECTION ACT

 

New powers under the Data Protection Act allow for fines of up to £500,000 for each breach where negligence can be shown on the part of the organisation.

 

"The Data Protection Act 1998 is a United Kingdom Act of Parliament which defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK"

 

PCI DSS

 

The Payment Card Industry (PCI) also have strict legislation regarding the storage of financial information.

 

Failing to meet PCI DSS criteria means that the ability to store credit card information or take payments from credit cards and debit cards can be withdrawn.

 

Most modern businesses could not survive without being able to accept electronic payments.

     
CARBON REDUCTION COMMITMENT

 

The scheme started in April 2010 and is administered by the Environment Agency, the Scottish Environment Protection Agency and the Chief Inspector (Northern Ireland Environment Agency).

It is central to the UK’s strategy for improving energy efficiency and reducing carbon dioxide (CO2) emissions, as set out in the Climate Change Act 2008. It has been designed to raise awareness in large organisations, especially at senior level, and encourage changes in behaviour and infrastructure.

In October’s Spending Review the UK Government announced that the CRC will be simplified to reduce the burden on businesses, with the first allowance sales for 2011/12 emissions now taking place in 2012 rather than 2011.

 

REDUNDANCY

 

To an IT Manager "redundancy" means having more of something than you actually need just in case one breaks.

 

Redundancy is how IT departments cope with failures in key components and try to recover without anyone realising that it has happened.

 

 

To a Financial Director having "redundant" IT equipment means paying for something that is not actually needed and might become outdated and end-of-life before it is ever used.

 

The technology behind Server Based Computing and Virtual Desktops allows organisations to provide highly reliable "redundant" infrastructure, but one that makes use of all available resources and distributes load over all devices.

 

This "load balancing" ensures that no processing power is sat idle waiting for a disaster that might never happen.

 

DISASTER RECOVERY

 

IT departments will often have to dedicate a significant portion of their budget to the provision of "redundant systems". In most cases "redundancy" means buying twice as much of everything that is important, just to be sure.

 

As the name suggests, these systems are sat idle (sometimes for years on end) just waiting for a disaster to happen. It is quite common for redundant systems to have become obsolete before they have ever been called into service.

 

The modern generation of Virtual Desktops, Server Based Computing and Cloud Computing allows organisations to provide Disaster Recovery without needing to pay for redundant systems.