Archive

Compliance: Did you get the (Pinto) Memo?


The Ford Pinto was a subcompact manufactured by Ford (introduced on 9/11/70 — another infamous coincidence?). It became a focus of a major scandal when it was alleged that the car’s design allowed its fuel tank to be easily damaged in the event of a rear-end collision, which sometimes resulted in deadly fires and explosions. Ford was aware of this design flaw but allegedly refused to pay what was characterized as the minimal expense of a redesign. Instead, it was argued, Ford decided it would be cheaper to pay off possible lawsuits for resulting deaths. The resulting liability case produced a judicial opinion that is a staple of remedy courses in American law schools.

What brought this on? Well, a recent conversation with a healthcare institution went something like this:

Us: Are you required to comply with HIPAA?

Them: Well, I suppose…yes

Us: So how do you demonstrate compliance?

Them: Well, we’ve never been audited and don’t know anyone that has

Us: So you don’t have a solution in place for this?

Them: Not really…but if they ever come knocking, I’ll pull some reports and wiggle out of it

Us: But there is a better, much better way with all sorts of upside

Them: Yeah, yeah whatever…how much did you say this “better” way costs?

Us: Paltry sum

Them: Well why should I bother? A) I don’t know anyone that has been audited. B) I’ve got better uses for the money in these tough times. C) If they come knocking, I’ll plead ignorance and ask for “reasonable time” to demonstrate compliance. D) In any case, if I wait long enough Microsoft and Cisco will probably solve this for me in the next release.

Us: Heavy sigh

Sadly, none of this is true, and there is overwhelming evidence of that.

Regulations are not intended to be punitive, of course, and implementing log management in reality provides positive ROI.

– Ananth

Hot virtualization and cold compliance; New EventTracker 6.2 and more


Hot server virtualization and cold compliance

Without a doubt, server virtualization is a hot technology. NetworkWorld reported: “More than 40% of respondents listed consolidation as a high priority for the next year, and just under 40% said virtualization is more directly on their radar.” They also reported that server virtualization remains one of IT’s top initiatives even as IT executives are bracing themselves for potential spending cuts. Another survey of 100 US companies shows 60% of the respondents are currently using virtualization in production to support non-mission-critical business services. In other words, they are using it in a “production sandbox” before deploying it on a large scale.