WASHINGTON -- ATIS announces the formation of the ATIS Information and Data Security (IDS) Committee, a new standards committee that will identify and address information and data security topics specific to the communications industry.
The ATIS Board of Directors voted unanimously to establish the new committee, which will provide a forum for the sharing and development of best practices and security approaches and, when appropriate, the creation of IT data and security standards.
The increasing amounts of customer and business data that must be secured and maintained is placing a growing importance on the need for privacy and protection protocols in information technology organizations across the telecommunications industry, said Susan Miller, president and CEO of ATIS. The ATIS CIO Council identified data security and compliance with Sarbanes-Oxley as two of its top priorities for 2006. The IDS is the ideal venue to ensure best practices are identified and standards are developed to organize and secure key customer and business databases.
The IDS will initially focus on requirements just released by the ATIS CIO Councils working groups on security issues and Sarbanes-Oxley (SOX) compliance. Initial IT security activities include:
- the development of a Data Privacy and Protection Whitepaper focused on industry-specific concerns and potential solution alternatives;
- the completion of a security strength analysis survey that will be used to determine areas to focus development of best practices; and
- the completion of a taxonomy of existing security standards and development of a method whereby carriers can address security issues using a standard reference model.
With respect to SOX issues, the initial IDS focus includes:
- a review of Logical Access best practices to develop requirements to be used for a technological solution;
- a review and comparison of audit practices in order to minimize the impact/cost of testing; and
- the development of a compliance synchronization whitepaper that includes an accountability matrix, recommendations regarding the roles of compliancy personnel within an organization, and information regarding segregation of duties related to logical access.
Alliance for Telecommunications Industry Solutions (ATIS)