Regulations for my organization

Posted on 2006-03-20
Last Modified: 2010-04-11
I have been at this job now for about a year. It's been a very crazy year. The guy before me left the network a mess. It was common for DNS issues, the phone systems and other things to go down on a weekly basis. After getting the network stable and finally just rebuilding and upgrading the whole thing to Windows 2003 and upgrading all the desktops to XP, I am now wondering what my 501c nonprofit organization that provides loans (so I'm guessing we're a financial institution) would fall under. I would like to know so that I can begin to work towards making sure we are following all regulations for our industry. Where can I find information about this, or where can I go to find out what we should be following?
Question by: daviddvg1
    LVL 2

    Expert Comment


    Author Comment

    Thanks. I know my accounting department is following this, but I've heard one of the VPs say that since we're 501c we don't need to. What must I do from an IT Dept point of view? Should I be archiving all email? Should my servers be in lockdown 24/7? I have a door with a lock on it to the servers, but no one knows where the keys may be.
    LVL 2

    Accepted Solution

    As a good practice from a security standpoint, I would recommend reviewing the SOX and other applicable regulations as they will help protect the organization from harm.  Most of these are guides to assist with best practice methods.

    I would suggest that you contact SOX or someone outside of the organization and verify if they agree that you do or do not fall under this regulation because the organization is a 501c and that you do not have to follow the SOX regulations. I would actually be somewhat surprised that you would not have to follow them because you are handling financial information.

    In order to best protect the IT Staff, I would also suggest besides the SOX, review the NIST guidelines to help better protect your systems and ultimately yourselves.

    If one were to follow the baseline for best router configuration practice, firewall, server, etc., this can only better prepare an organization for attacks in the future. I have worked with one 501c and secured their network. I believe because they were a 501 organization that is why we saw a high volume of illegitimate traffic.
