Corporate Governance
Service Oriented Architecture (SOA) Design Checklist
- Are the service interfaces using message formats from the canonical model?
- Have initial service contracts been defined between all known service consumers?
- Has the project established service contracts with services being provided by other teams, third-party packages, or external providers?
- Do the service contracts include release schedules for milestone builds that are synchronized with the schedule for service consumer development?
- Have service types been identified for all services, and appropriate service implementation platforms chosen based on those types?
Gramm-Leach-Bliley Act, Protection of Customer Information Guidelines
So what is the Gramm-Leach-Bliley Act (GLBA) requirement for the protection of customer information? Here are simple guidelines based on Section V and the amendment in Appendix B. The act requires the institution not only to protect customer information, but also to assess and then control the related IT risk.
Section V of the Gramm-Leach-Bliley Act of 1999
Governs privacy in the context of Financial Institution Safeguards.
Section 501(a): It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers’ nonpublic information.
Section 501(b): Establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards:
1. To insure the security and confidentiality of customer records and information;
2. To protect against anticipated threats or hazards to the security or integrity of such records; and
3. To protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.
2. Appendix B to Part 570
Outlines the Agency's expectations for the creation, implementation, and maintenance of an information security program. This program must include administrative, technical, and physical safeguards appropriate to the size and complexity of the institution and the nature and scope of its activities. The guidelines describe the oversight role of the board of directors in this process and management's continuing duty to evaluate and report to the board on the overall status of this program.
Civil and Criminal Penalties for Non-Compliance
What is the cost of non-compliance with regulation? Here is the list, from Sarbanes-Oxley to HIPAA.
Sarbanes-Oxley Act
1. Action: Altering, destroying, or concealing any records with the intent of obstructing a federal investigation.
Penalties: Fine and/or up to 10 years’ imprisonment.
2. Action: Failure to maintain audit or review "workpapers" for at least five years.
Penalties: Fine and/or up to 5 years’ imprisonment.
3. Action: Anyone who "knowingly executes, or attempts to execute, a scheme" to defraud a purchaser of securities.
Penalties: Fine and/or up to 10 years’ imprisonment.
4. Action: CEO or CFO who 'recklessly' violates his or her certification of the company’s financial statements.
Penalties: Fine of up to $1 million and/or up to 10 years’ imprisonment.
5. Action: If the violation is 'willful,' the penalty increases.
Penalties: Fine of up to $5 million and/or up to 20 years' imprisonment.
Top 10 Triggers of Unethical Employee Behavior
What could trigger unethical employee behavior? Here is the list.
1. Efforts to Balance Work and Family
2. Poor Internal Communications
3. Poor Leadership
4. Unbalanced Work Hours or Workload
5. Lack of Management Support
6. Need to Meet Certain Targets (e.g. sales, budget, profit goals)
What is Gramm-Leach-Bliley Act (GLBA)
The Gramm-Leach-Bliley Act (GLBA) was enacted by the United States government in 1999. GLBA, also known as the Financial Services Modernization Act of 1999, protects the privacy and security of private financial information that financial institutions collect, hold, and process. The privacy component of this act requires financial institutions to provide customers with an annual notice of their privacy practices, and to provide them the option to direct financial institutions not to share such information.
The safeguards component of the regulation requires financial institutions to establish a comprehensive security program to