
18002 NOREX direct connect Users and Counting

Connecting directly with your peers has never been easier. This dynamic online community of project-oriented IT professionals connects your staff with similarly-tasked members. Initiate or join conversations of your choice as members post and share behind a secured log-in. Gaining actionable project insight and perspectives from multiple sources is your tactical edge.


Do you need additional assistance? Please contact the NOREX Information Team.

07/30/18

Kanban Boards

Is your organization using Kanban Boards to track assignments for your respective units? If yes, what are you using any low-tech Kanban Boards (aka White … read more ›

6 Comments
09/20/18

Seeking resources to guide the set up and maintenance of policies and controls

While the enterprise has had an HR policy manual for many years, detailing vacation policies, sick leave, etc. there were only a few technology related … read more ›

0 Comments
09/18/18

GDPR Policy

A member is working to create a policy for their European sites related to GDPR (General Data Protection Regulation). Can anyone share a policy or … read more ›

0 Comments
08/30/18

Email PST

1. Do you currently use PSTs? 2. Are you looking at eliminating PST files to better handle record retention requirements? 3. Do you currently … read more ›

4 Comments
08/22/18

Healthcare member looking for Network Patching Policies

Member in the healthcare industry is seeking policies or procedures for network patching. Specifically related to healthcare. Are there any members willing to share theirs? … read more ›

2 Comments
07/26/18

ADA Policy

We are looking to develop an ADA policy (American Disability ACT). We discussed this in our Enterprise Risk meeting and are putting together a committee … read more ›

1 Comments
08/28/18

How Healthcare Organizations Are Purging Electronic Patient Data

How are other healthcare organizations that use electronic medical records managing the purging of electronic patient data in order to conform with Record Retention Policies? … read more ›

0 Comments
05/09/18

Looking for strategic network audit firm - prefer national

Need to find a company that can perform technical audits for new acquisitions/existing companies for purpose of proper architecture/standards protocols. Plus we will need to … read more ›

4 Comments
08/06/18

China Cybersecurity Law

Please take this brief survey pertaining to the China Cybersecurity Law: 1.) Does your company have operations in China? Yes/No 2.) If yes: what has … read more ›

4 Comments
06/19/18

Records Management

I am looking to implement a naming convention on folders stored on shares that need to be retained for tax or legal purposes. Looking to … read more ›

1 Comments
08/20/18

Identify/Remove Sensitive Data from Instant Messages

Is anyone using an IM “chat scrubber” to identify and remove sensitive data like credit cards or social security numbers from instant messages? We are … read more ›

0 Comments
07/31/18

Your Leadership Thoughts

I am doing a mini-survey on current Leadership Thoughts from the NOREX community. I appreciate your feedback. 1. How did you grow and develop as … read more ›

8 Comments
08/01/18

Risk ranking methodology for TI information technology systems

Hello, I am looking for a risk ranking methodology for TI information technology systems. Thinking about creating a set of questionnaire in order to build … read more ›

0 Comments
07/24/18

High Risk Travel Policy Needed

A member is looking for a High Risk Travel Policy. … read more ›

1 Comments
07/20/18

E-Discovery Service Provider Recommendations

A member is looking for E-Discovery service provider recommendations. They would use this service when they need to pull large amounts of data together … read more ›

1 Comments
07/20/18

ISO 27000 Templates

I am looking for a set of documents/templates for ISO 27000. I would like to find a set that another organization has used. There are … read more ›

0 Comments
04/13/18

SOX Compliance Question

When any User leaves our organization the following occurs: We disable their AD account If they are embedded in AD email group – they are … read more ›

1 Comments
03/07/18

Patching Vulnerabilities for Non-Running Kernels/Services etc..

Hi, What are your practices on patching vulnerabilities for non-running kernels/services etc. Do you typically accept the risk since the systems are not running or … read more ›

2 Comments
02/09/18

Microsoft Meltdown and Spectre Patches

My team is looking to talk to other members about their plans for applying, or not applying Microsoft Meltdown and Spectre vulnerabilities patches Or other … read more ›

1 Comments
02/07/18

RFP Template for Managed Services

Hello - Three years ago our company did a mass housecleaning of our IT department which resulted in partnering with a third-party Managed Service provider. … read more ›

0 Comments
06/27/18

Microsoft Fully Funded Services

Microsoft recently reached out to us to conduct what they call a: Microsoft Fully Funded Services: License Review & Solution Assessment. We are wondering if … read more ›

3 Comments
Closed Topic
06/14/18

Suggestions for Web Accessibility Tools for QA Testers

Looking for recommendations for web accessibility tools for QA Testers. We are in the process of compiling a list of the top 10 accessibility testing … read more ›

4 Comments
Closed Topic
05/22/18

Policy/SOP to Comply with DFARS 7012

I am looking for a Policy / SOP on document marking, specifically to comply with DFARS 7012, for Department of Defense. It states: 3.8.4 Mark … read more ›

2 Comments
Closed Topic
01/11/18

Encrypting all MPLS network traffic

We are interested in hearing if anyone is currently or has plans to encrypt their network traffic across your MPLS network. If so, what's driving … read more ›

2 Comments
Closed Topic
06/14/17

Commercial MSSP Certification?

Hi there, I come from the world of the U.S. Department of Defense (DoD) and this is my first foray into the commercial world. When … read more ›

2 Comments
Closed Topic
11/30/17

Defense Industry: DFARS, NIST 800-171

We would be interested in talking with other members that are dealing with the year-end NIST 800-171 requirement to continue being part of the defense … read more ›

2 Comments
Closed Topic
06/01/18

Qualification Document

Can anyone share a help desk qualification document following GAMP5 methodology? Specifically, I would like to qualify Spiceworks but any ITIL help desk qualification would … read more ›

1 Comments
Closed Topic
05/11/18

Pretreatment Information Management Systems COTS and Vendor Recommendations

We are looking for information about Pretreatment Information Management Systems COTS, as well as vendor names and recommendations. … read more ›

2 Comments
Closed Topic
04/17/18

Material Safety Data Sheets (MSDS) Applications

I’m looking for application recommendations used for creating material safety data sheets (MSDS). We currently use MSDGen but have been struggling with it over the … read more ›

5 Comments
Closed Topic
04/24/18

SOX Compliance for Consultant Access Rights

Looking for documentation that members could share regarding SOX compliance for consultant access rights? … read more ›

2 Comments
Closed Topic
04/02/18

How to become ADA Compliant, Specifically for Intranet content/code

A member is seeking information on how to become ADA (American Disability ACT) in IT, specifically for their intranet content and code. They are looking … read more ›

2 Comments
Closed Topic
03/06/18

Policy Creation feedback needed

Looking for a “How to” process for creating policies. Some examples would be great as well. 1. what to look for in creating a policy … read more ›

5 Comments
Closed Topic
03/01/18

O365 Exchange and HIPAA Compliance

Since we now self-insure, we're going to need to make a small portion of our company “HIPAA Compliant”. We're mostly concerned about the Exchange part … read more ›

3 Comments
Closed Topic
03/13/18

PHI Discovery Solution Recommendations Needed

Looking for recommendations for Data Loss Prevention products that scan file share and network assets for PHI (Protected Health Information) discovery and then reports. They … read more ›

3 Comments
Closed Topic
02/27/18

Governance, Risk and Compliance Solution

A member is looking for a GRC (Governance, Risk and Compliance Solution) and would like to know what others have done. Could be as simple … read more ›

1 Comments
Closed Topic
01/17/18

Personally Identifiable Information (PII) Training

Looking for suggestions on a 1-2 day on-line class for PII training. Preferably with some type of test after the training, although this isn't required. … read more ›

1 Comments
Closed Topic
01/25/18

How to manage risk of data duplication due to no interface with enterprise systems

Member looking to find out how other agencies are handling the vast amount of cloud based solutions on the market. As a centralized IT department … read more ›

2 Comments
Closed Topic
01/19/18

SSN Policies/Procedures Related to Sharing Information in Education

Member interested in seeing social security number policies or policies related to how organizations share or don't share social security numbers. Organizations that work with … read more ›

2 Comments
Closed Topic
01/30/18

Risk Register Template

Do any members have a template for a Risk Register that they could share? … read more ›

1 Comments
Closed Topic
01/08/18

What percentage of endpoints have local admin rights?

A member in the manufacturing sector is asking what percent or count of endpoints have local admin rights? This can be for any reason, they … read more ›

3 Comments
Closed Topic
12/05/17

GDPR approved Incident Response Plan

Can anyone share examples of policies around a GDPR approved incident plan? … read more ›

2 Comments
Closed Topic
12/06/17

Publishing an App

Looking for information on the requirements to develop an application for publishing an app on iTunes or the Google Play Store? … read more ›

1 Comments
Closed Topic
12/15/17

Tools for Authoring Online Training

What tools are members using in authoring online training (Camtasia, Moodle etc.)? Need to be able to generate training videos, audio, visual, screen captures while … read more ›

1 Comments
Closed Topic
12/01/17

Requirement for multi-factor authentication for PCI DSS compliance

I am looking for information anyone can share (other than reading LONG regulation specs) about the January 2018 requirement for multi-factor authentication for Payment Card … read more ›

2 Comments
Closed Topic
10/23/17

Vendor Recommendations for Converting PDF's to Online Accessible Versions

I'm working on a project that involves posting 50-100 page PDFs online. Because our organization is committed to accessibility, we need those PDFs to be … read more ›

3 Comments
Closed Topic
10/30/17

SOX Internal Controls and Processes

Our organization is looking for SOX documentation regarding backups. We are looking to review what other companies have done as this will help us to … read more ›

2 Comments
Closed Topic
06/10/17

AHRQ Patient Safety Culture Survey

I am looking for members who have done the AHRQ Hospital and Clinics Survey. I would like to exchange ideas on how you have managed … read more ›

3 Comments
Closed Topic
06/08/17

Instant Messaging message retention

Does anyone have a requirement for IM retention and if so what product do you use? Is anyone familiar with Donoma StoneScribe? … read more ›

5 Comments
Closed Topic
09/07/16

PCI 3.2 Quality Assurance Manual

Hello everyone, I'm looking for a sample of a PCI 3.2 Quality Assurance Manual. Does anyone have one they can share? Thank you! … read more ›

1 Comments
Closed Topic
07/29/16

Third Party IT Security Auditors

We are looking for a third-party IT auditor. Can anyone tell me who they are using and answer the following questions: 1. What was your … read more ›

6 Comments
Closed Topic
07/01/16

Cyber Security Awareness Training

We are looking to replace SANS Securing the Human cyber-security training with a new product. We want a product that is 1) cloud based, 2) … read more ›

4 Comments
Closed Topic
05/16/17

Open Source Software Governance Process

We're looking for process examples for how to manage intake of Open Source software components and solutions into the Enterprise. Primarily focused on API and … read more ›

6 Comments
Closed Topic
04/27/16

Web Application Firewalls

We are looking at where/which web application firewall to deploy. This is to go in our DMZ in front of various web apps, and also … read more ›

1 Comments
Closed Topic
01/17/17

Freedom of Information (FOI) compliance tool

We are a provincial government entity seeking a tool to support freedom of information compliance. Vendor support is being discontinued for the current tool, CSDC … read more ›

1 Comments
Closed Topic
11/17/16

EMC centera / source one

Looking for email archiving solutions to replace EMC Centera and SourceOne. … read more ›

5 Comments
Closed Topic
09/21/16

Dell DDPE (Dell Data Protection Enterprise)

Hello, Has anyone rolled this encryption software out to an organization over 500+ seats? Can anyone please comment on the following topics: Pilot Solution Deployment … read more ›

2 Comments
Closed Topic
07/11/16

Software Enterprise Life Cycle Management

Has anyone had experience in planning lifecycles for enterprise solutions? We’re currently attempting to define an IT plan for managing the lifecycle of core software … read more ›

3 Comments
Closed Topic
12/14/16

Document Retention

We are looking for a consultant that specializes in helping mid size companies develop a document retention strategy and leading a project to clean up … read more ›

3 Comments
Closed Topic
11/23/16

Pen Test or Security Assessment recommendations?

Hello! We are looking to have an external (network) pen test done and possibly some other security assessments such as a physical pen test, internal … read more ›

4 Comments
Closed Topic
01/07/17

Business Associate Agreement samples for cloud hosts

Our safety & risk folks would like us to develop a business associate agreement (BAA) with any cloud vendor that we do business with that … read more ›

3 Comments
Closed Topic
03/23/17

Digital Asset Management (DAM)

Hello Norex Members, We are currently researching Digital Asset Management and would like to gather information from other organizations. If any Norex members are willing … read more ›

2 Comments
Closed Topic
03/05/17

BYOD security / IT risks

Does anyone have a list of risks associated with supporting BYOD w.r.t. Security, IT, Legal and Governance? Here is what I have so far. IT … read more ›

3 Comments
Closed Topic
05/25/16

Software License Monitoring

Given the complexity of license agreements and the number of vendor software we purchase, I'm looking for an effective means to monitor software license deployment … read more ›

3 Comments
Closed Topic
05/18/16

Active Directory Auditing

Looking for how other organizations are auditing active directory to ensure security. Do you have a checklist of questions? Do you pull logs and analyze? … read more ›

3 Comments
Closed Topic
10/11/17

Onboarding and Offboarding User Provisioning Process Map

In search of any sample documents \ resources for a “user provisioning process map”. Would like to review (possibly adjust) and properly document our current … read more ›

1 Comments
Closed Topic
10/05/17

HIPAA Sanctions Example and HIPAA Breach Notification Policy

A Member is looking for a HIPAA Sanctions example and a HIPAA Breach Notification policy. If anyone can kindly share documents in these areas it … read more ›

1 Comments
Closed Topic
09/28/17

HIPAA Training for non-medical professionals

Can anyone recommend a HIPAA training module for non-medical professionals? We are looking for a HIPAA training course that includes sound, built-in testing, SCORM … read more ›

2 Comments
Closed Topic
08/14/17

End User File Retention Policy when Individual Leaves the Company

A member asks what standard practice do other companies follow for end user file retention when an individual leaves their company? The member is looking … read more ›

3 Comments
Closed Topic
09/13/17

Moving Files Without Modifying Them

Does anyone have a tool, or a process (maybe recording checksums,) that can provide documentation that a file that has been ‘moved’ and not ‘copied’ … read more ›

5 Comments
Closed Topic
08/07/17

Public facing website

Do you have publicly facing websites that are accessed outside of the US? If yes, how do you handle website tracker (such as cookies) compliance? … read more ›

1 Comments
Closed Topic
08/03/17

Laws and Regulations Regarding Data in Other Countries

Has any multinational company had experience they are willing to share on laws and regulations of where data must reside for any of the following … read more ›

2 Comments
Closed Topic
07/18/17

Mapping of ISO 27001, HIPAA, SOX & PCI Standards

A member is searching for a document that contains a mapping of the ISO 27001, HIPAA, SOX & PCI standards. Does anyone have something they … read more ›

2 Comments
Closed Topic
07/10/17

Cobit 5

A member would like to hear others' experiences with Cobit 5. … read more ›

1 Comments
Closed Topic
06/29/17

SharePoint Compliant with 21 CFR Part 11

A member is asking if anyone has validated SharePoint to be compliant with 21 CFR part 11. Can anyone share feedback on this? … read more ›

2 Comments
Closed Topic
07/05/17

New York Regulation for Cybersecurity Program and Policy

A member is looking for a template that financial companies are developing as a part of the New York regulation for Cybersecurity Program and Cybersecurity … read more ›

1 Comments
Closed Topic
07/05/17

EU GDPR (General Data Protection Regulation)

Looking for information, lessons learned, templates, etc. for EU GDPR? I am trying to learn as much as possible about GDPR to ensure we are fully in … read more ›

1 Comments
Closed Topic
05/08/17

ISO 22301 or 27001

As a B2C SaaS company with about 50% of our customers outside the US, we are grappling with how best to implement ISO 22301 or … read more ›

1 Comments
Closed Topic
03/31/17

Seeking guidance for Device & Media Control Policy mandated by HIPAA Regulations

A member is seeking guidance for their Device & Media Control policy with the following HIPAA regulatory references: 164.310(d)(1) - Device and media controls, 164.310(d)(2)(i) … read more ›

1 Comments
Closed Topic
05/01/17

Email Retention

Please share feedback to the following questions regarding email retention: 1. Is email older than the retention period automatically deleted? (yes/no) 2. Do you provide … read more ›

3 Comments
Closed Topic
04/11/17

Video Closed Captioning for ADA Compliance

I'm looking for information on tools for video closed captioning and posting video and content to the web that is ADA compliant. I'm not finding … read more ›

1 Comments
Closed Topic
04/04/17

User access audit software

We are looking for recommendations for user access audit software. When going through our annual IT audit we need to show all users have been … read more ›

3 Comments
Closed Topic
03/10/17

Legally Required Technology Policies

We are a special-purpose district agency that receives federal, state, and local funding, and I’m looking for guidance on legally-required technology policies. We have many … read more ›

3 Comments
Closed Topic
03/13/17

Policy Management Solutions

Have any members deployed Policy Management solutions, such as Archer, Process Unity, etc? If so, how has it worked? … read more ›

3 Comments
Closed Topic
03/09/17

ISO 27001

A member would like to speak with others who have implemented ISO 27001 at their organization for IT Security. How did you go about tackling … read more ›

2 Comments
Closed Topic
02/28/17

Tax software to work with/within SAP to automate the management of indirect taxes globally

What are others using for Tax software to work with/within SAP to automate the management of indirect taxes globally? This includes: determining taxability, calculation of … read more ›

1 Comments
Closed Topic
03/01/17

Email Archiving and Deletion Schedules for Non-Profit Organizations

Looking for feedback on what email archiving and deletion schedules other non-profit organizations use. Do you delete data from both the backup and archive? Also, … read more ›

2 Comments
Closed Topic
02/13/17

External Access to SharePoint

We would like to understand the best practices for successfully providing external access to SharePoint specifically for organizations operating in highly regulated industries. Would you … read more ›

1 Comments
Closed Topic
01/31/17

Monitoring PCI Compliance

I am looking for a checklist/template that shows the items a company should be monitoring to remain PCI compliant? … read more ›

2 Comments
Closed Topic
01/30/17

EDI System Recommendations for Health Care System Organizations

We are looking to replace our existing FTP/EDI system with something more updated and hopefully turn-key. What are other health care systems organizations (insurers, hospitals, … read more ›

2 Comments
Closed Topic
04/06/16

PCI DSS ver 3 - Network Diagram for QSA?

For those who work with PCI DSS Compliance, the requirement for network diagram is to show "current network diagram that identifies all networks, network devices, … read more ›

2 Comments
Closed Topic
02/02/16

Server Encryption

We are investigating encrypting data on our servers and are looking to discuss best approaches with someone who has been through it. We have SQL … read more ›

6 Comments
Closed Topic
12/17/15

Web Application Firewall RFP

We are planning on sending out an RFP for a web application firewall. Does anyone have a document they can share or tips on what … read more ›

1 Comments
Closed Topic
11/03/16

Technical Writing Schools/Online Courses

Seeking recommendations for Technical Writing schools/online courses. … read more ›

1 Comments
Closed Topic
10/25/16

Policy for Data in Data Warehouse

Looking for thoughts and feedback on whether a separate policy is needed to address access to data that is in a data warehouse, or if … read more ›

2 Comments
Closed Topic
12/17/15

Websense Triton/AP-E-Mail Experiences

Are there any members that utilize Websense Triton/AP-Email? We are evaluating the product with a specific requirement for the encryption functionality. Any member that would … read more ›

1 Comments
Closed Topic
10/26/15

Multifactor authentication

Is anyone looking at stricter, e.g. MFA level 4 approaches? … read more ›

1 Comments
Closed Topic
09/16/15

Litigation Holds

We are currently considering third party products to use for Litigation Holds for our Exchange 2013 environment. Curious what other members are doing for this, … read more ›

5 Comments
Closed Topic
09/10/15

HiTrust Certification

Hi, we are looking at completing a HiTrust Certification within the next 24 months and looking for anyone who may have completed the process or … read more ›

1 Comments
Closed Topic
09/01/15

ISO 27001

I would appreciate hearing from anyone that has gone through an ISO 27001 certification process. Dos and Don'ts, DIY vs outside consultants, etc. Thanks. … read more ›

1 Comments
Closed Topic
08/20/15

Secure Password Database

We are looking to consolidate our corporate passwords into one secure database for security reasons and to move to a more global solution for our … read more ›

2 Comments
Closed Topic
03/28/14

Running Anti-virus scans on Linux and Unix servers

Is anyone running anti virus software on their *NIX servers? If so, are you running scheduled scans? What types of applications run on the systems … read more ›

1 Comments
Closed Topic
05/27/15

PCI Scope and Required Resources

I would like to get in contact with others who face challenges with PCI Compliance, particularly with scope identification/reduction. We’re also interested in the amount … read more ›

1 Comments
Closed Topic
05/28/15

PCI Compliance Password Requirements

Hello, I'm trying to figure out what systems/applications are required for PCI Compliance on passwords. At our company, when an employee logs on to their … read more ›

2 Comments
Closed Topic
04/09/15

Managing employees using cloud applications

How are Norex members managing employees setting up credentials and signing into customer or vendor websites? If an employee leaves do you really know what … read more ›

3 Comments
Closed Topic
06/30/14

Product Labeling Software for Finished Goods (Barcodes)

I'm looking for anyone in manufacturing that can recommend software for labeling finished goods on a manufacturing line. (Ex: lot number, date, barcodes, location, customer.....) … read more ›

2 Comments
Closed Topic
06/24/15

FIPS 140-2 Compliance

Anyone have an experience in FIPS compliance? This is very new to me and we have a potential opportunity on the horizon that would require … read more ›

1 Comments
Closed Topic
05/08/14

Local Administrator Rights Management

Hello All, I would like to know if any of the NOREX members have experience with restricting Local Administrator Rights on PCs. Are you leveraging … read more ›

6 Comments
Closed Topic
10/28/15

Patent Trolls

We have been seeing increased activity from Patent Trolls and I am wondering how others are dealing with these parasites? Claims on things like sending … read more ›

1 Comments
Closed Topic
08/19/15

Recommendation for consulting firm to help us implement e-Payment Processing

I would be very grateful if NOREX members could recommend consulting firms specialized in helping an organization implement a PCI-compliant Payment Processing solution [Payment … read more ›

1 Comments
Closed Topic
02/17/14

Tokenization

Does anyone have any experience with tokenization for managing credit card processing? I would be particularly interested in alternatives and specific costs. Thanks. … read more ›

2 Comments
Closed Topic
06/02/15

Experience with Sophos or WinMagic for EndPoint Encryption ?

Hello all, Looking to implement endpoint encryption (Full Disk & Removable Media) in the organization and have gotten the selection down to Sophos\SafeGuard and WinMagic\SecureDoc. … read more ›

3 Comments
Closed Topic
03/27/14

Data Access Governance (Varonis, StealthBits)

Looking to connect with members that have looked at, in detail, or implemented Data Access Governance products like Varonis DatAdvantage, StealthBits, or similar competitors. We … read more ›

1 Comments
Closed Topic
01/12/15

PCI Compliance

Hello all, I'm wondering if anyone has been through a PCI compliance assessment and could share some insight and information with me. I have a … read more ›

4 Comments
Closed Topic
04/23/15

Cyber Liability Insurance

I am being asked to weigh in on the terms of cyber liability insurance (new to our company). Does anyone have any guideline to follow … read more ›

1 Comments
Closed Topic
10/28/14

Managed Secure USB drives solution

Wondering if anyone has experience/comments on the product offered by Kingston Technologies called Blockmaster SafeConsole? I'm looking into a managed solution for our USB devices … read more ›

1 Comments
Closed Topic
04/01/15

Livestock Procurement Software?

Hi, I am looking into Livestock procurement software that has vendor, inventory, and contract management capabilities. The software needs to be customizable as well or … read more ›

3 Comments
Closed Topic
11/23/15

Is your organization undergoing a digital transformation?

I'm looking to connect with organizations that are undergoing or in the planning process of figuring out what digital transformation means for their organization. I'm … read more ›

2 Comments
Closed Topic
02/13/14

Pre-logon policy acknowledgment?

Does anyone have or know of a solution that forces an acknowledgement of policies before a user is allowed to logon to the network? I … read more ›

4 Comments
Closed Topic
06/23/15

SOX Compliance

Looking for someone that has recently gone through SOX compliance. With a focus on the technology side of SOX. Looking for experience on the E-Commerce … read more ›

1 Comments
Closed Topic
04/09/14

Single Sign On

Has your organization implemented single sign-on within your IT architecture? If "YES", do you allow one sign-on in the morning that provides access to ALL … read more ›

7 Comments
Closed Topic
09/27/16

IT Assessment Consultants

Has anyone been involved in an IT assessment that concentrates on the overall IT environment in the company? Who did you use? This is not … read more ›

4 Comments
Closed Topic
09/20/16

General Data Protection Regulation (GDPR)

The European Commission has approved the new General Data Protection Regulation (GDPR). Companies subject to this regulation have to be compliant by May 2018. For … read more ›

1 Comments
Closed Topic
08/01/16

Internal ACH Electronic Payment System

We currently use a 3rd party to manage our Automated Clearing House (ACH) electronic payments to all of our vendors. That 3rd party manages the … read more ›

1 Comments
Closed Topic
07/08/16

Controls for Complying with HIPAA and FERPA

What type of controls are in place to comply with HIPAA and FERPA as employees utilize Outlook for scheduling medical appointments or other types of … read more ›

3 Comments
Closed Topic
06/13/16

Password Policy Compliance

Like most organizations we are faced with doing business that require us to meet different federal regulations and required standards. We must be PCI, HIPAA … read more ›

3 Comments
Closed Topic
06/08/16

File System Auditor Solutions

I am hunting for information on file system auditors for Windows and NetApp based machines. Something like PowerBroker from BeyondTrust. These systems track when a … read more ›

3 Comments
Closed Topic
06/17/16

HIMSS EMRAM Stage 7 certified Health Care Facilities

A question for Health Care Facilities - Clinics and Hospitals Only. Are you HIMSS EMRAM Stage 7 certified already? If yes, can a member contact … read more ›

1 Comments
Closed Topic
06/06/16

Electronic Health Exchange Network Solution

Has anyone implemented an electronic Health Exchange network solution so that healthcare facilities will be able to seamlessly, securely, and safely exchange patient information nationwide? … read more ›

4 Comments
Closed Topic
06/07/16

Cyber Security Audit Vendor Recommendations for Healthcare Organizations

Looking for member's recommendations for Cyber security audit vendors – specifically companies that can come in and do an audit and create a checklist of … read more ›

3 Comments
Closed Topic
06/08/16

PCI DSS Support Vendor Recommendations

Looking for recommendations for vendors or service providers that help in the overall PCI DSS compliance process, identifying the issues and offering solutions to resolve … read more ›

2 Comments
Closed Topic
05/13/16

Social Security Number Storage

A member asks: How do you store social security numbers? We generally do not store these, but we now have a situation where we need … read more ›

4 Comments
Closed Topic
04/12/16

Mobile/Smart Card e-Payment System

We are looking into an e-payment system for mobile payment/smart card payments. Has anyone implemented such a system? We are currently using Genfare for our … read more ›

3 Comments
Closed Topic
04/14/16

Implementing SSL Inspection Experiences

Has anyone had experience implementing an SSL Inspection security project? What products were used? Were there any issues encountered (i.e. technical, legal, performance, privacy, etc.?) … read more ›

3 Comments
Closed Topic
04/18/16

Issues When End User is Not Local Administrator of Their Windows PC

A member currently makes the end user a local administrator of their PC. They would like to discuss the issues faced with a member who … read more ›

6 Comments
Closed Topic
04/15/16

Data Synchronization with Personal Devices Policy Needed

Looking for defined policies specifically regarding Office 365/DropBox/Google Drive or similar services. These services allow employees to “sync” data between multiple devices – including personal … read more ›

1 Comments
Closed Topic
04/19/16

Policies Specifically Regarding Office 365/DropBox/Google Drive or Similar Services

A member is looking for defined policies regarding data storage and specifically Office 365/DropBox/Google Drive or similar services. These services allow employees to sync data … read more ›

7 Comments
Closed Topic
03/29/16

Data Retention Regulations in Canada

I am looking for any information regarding data retention regulations in Canada. We are looking for data retention period regulated by law. Ex: Financial information … read more ›

1 Comments
Closed Topic
03/31/16

STEALTHbits User Reviews

We sat through a demo of Microsoft-oriented (AD/Exchange/O365/etc) toolset from STEALTHbits. It allows better management of AD groups, change control, and can also help thwart … read more ›

1 Comments
Closed Topic
03/07/16

Cyber Security Training for End-Users

What have other organizations used for Cyber Security Training for End-Users? … read more ›

11 Comments
Closed Topic
03/15/16

Cloud Application Vendor Checklist of Standards

A member is looking for a checklist of standards to follow when engaging with a cloud application vendor. The checklist would include Security standards (SAS70), Retention … read more ›

2 Comments
Closed Topic
02/16/16

Internal HIPAA Audit Best Practice Recommendations

A member is looking for best practices, recommendations and must-dos for internal HIPAA audits. … read more ›

1 Comments
Closed Topic
01/28/16

Record Retention

A member is currently working on revising record retention policy and procedures, and would like input from other NOREX members who have recently done this: … read more ›

2 Comments
Closed Topic
01/28/16

SAML infrastructure for single sign-on

What is involved in setting up a SAML infrastructure for single sign-on? … read more ›

4 Comments
Closed Topic
01/12/16

RSA Archer

A member would like to hear from others using RSA Archer for IT Governance, Risk and Compliance. Can anyone share experience/feedback? … read more ›

2 Comments
Closed Topic
12/17/15

ADA Compliance

Can anyone share information or documentation on the topic of ADA compliance for websites, email correspondence, social media? Specifically, if the standard “readers” for vision … read more ›

2 Comments
Closed Topic
11/20/15

Network Diagram for PCI DSS

A Member asks: I need to create a network diagram for our PCI compliance documentation. It would be helpful to see what other organizations have … read more ›

3 Comments
Closed Topic
12/08/15

ADA Compliant Websites

I have a Member that is starting the process of making their Website ADA Compliant (Section 508). They are interested in hearing from others who … read more ›

2 Comments
Closed Topic
12/15/15

Credit Card Reader Policies

A member is looking for examples of policies / standards for credit card readers, as well as procedures for maintenance. … read more ›

1 Comments
Closed Topic
12/14/15

Acquisitions - IT Concerns

What are the top IT questions that should be asked when considering an acquisition of a company? … read more ›

2 Comments
Closed Topic
12/17/15

Workflow Tool for ISO and SOC 2 Audits

Looking for a tool for workflow and evidence collection for ISO and SOC 2 audits. Various controls for ISO and SOC 2 will have a … read more ›

1 Comments
Closed Topic
11/03/15

Cloud Security

A member asks: Can anyone share documentation dealing with the legal and security surrounding cloud? This information will help us define areas to focus on … read more ›

2 Comments
Closed Topic
11/20/15

RFP for Security Assessment / Ethical Hack

Do any members have an RFP for a Security Assessment / Ethical Hack that they could share? … read more ›

1 Comments
Closed Topic
10/08/15

Public Entity IT Resources dedicated to eDiscovery

What kinds of personnel and technical resources are other NOREX public entity members devoting to eDiscovery and public records requests? A City Government member is … read more ›

2 Comments
Closed Topic
09/08/15

ServiceNow Discovery

Is anyone using ServiceNow Discovery? Please share experience, pros & cons, implementation ideas, etc. … read more ›

1 Comments
Closed Topic
09/18/15

HIPAA Compliance Guidelines for Video Recordings

A member is looking for HIPAA compliance guidelines for viewing VIDEO recordings of patients from their Psychology department. … read more ›

1 Comments
Closed Topic
07/20/15

PCI Self-Assessment Questionnaire A

I would like to know if any members have filled out the SAQ "A" for PCI. If so, what documentation is needed and how did … read more ›

1 Comments
Closed Topic
08/13/15

Qualified Security Assessor (QSA)

A member is looking for information from others regarding what QSAs they are using for PCI Compliance. Please share feedback. … read more ›

2 Comments
Closed Topic
07/21/15

Hospital Log Retention Plans

How do other mid-sized hospitals (200 beds, 50+ clinics) do their log retention plans? What sources do you gather logs from in order to meet … read more ›

1 Comments
Closed Topic
06/19/15

Requesting Access to E-mail

Looking for a procedure or policy that outlines the steps that need to take place to request access to someone's e-mail. … read more ›

4 Comments
Closed Topic
06/26/15

Open Records Requests with Social Media Feeds

How do others handle Open Records requests which concern their Social Media feeds (Facebook and Twitter)? At this time, our methods to archive from these … read more ›

1 Comments
Closed Topic
06/12/15

SaaS anti-spam solutions

Please share recommendations and experiences with SaaS anti-spam solutions. We are looking for a SaaS anti-spam content filtering solution that is effective at controlling the … read more ›

4 Comments
Closed Topic
06/16/15

Training on IT Contracts

A member is looking for any firms that specialize in training attorneys on IT contracts. … read more ›

3 Comments
Closed Topic
05/26/15

Data Governance Documents

Member is looking for Data Governance documentation that organizations may be able to share on the following topics: Data Governance Initiatives, Programs, Policies/Procedures and Plans. … read more ›

1 Comments
Closed Topic
05/22/15

Disclaimer for Healthcare Call Center

Do any healthcare members know if there are legal implications to not having the disclaimer “if this is a medical emergency please hang-up and dial … read more ›

1 Comments
Closed Topic
04/15/15

Freedom of Information Act

A member would like to connect with a State, County or Municipal government who has implemented a Freedom of Information Act (FOIA) solution by way … read more ›

4 Comments
Closed Topic
04/30/15

Non-Government Organizations Audited According to the NIST Framework

Looking for non-governmental member organizations that are audited according to the National Institute of Standards and Technology (NIST) framework. … read more ›

4 Comments
Closed Topic
05/04/15

RightFax Fax Server Application

A member is rolling out the RightFax fax server application and has the following questions: What have users done from the legal standpoint? -how long … read more ›

1 Comments
Closed Topic
05/06/15

IT Risk Management Policy Template

A member is looking for an IT Risk Management Policy Template. … read more ›

2 Comments
Closed Topic
10/10/14

Separation of Duties

Our internal auditors are requiring that IT implement separation of duties for financial systems. In other words, the same person cannot both code a change … read more ›

4 Comments
Closed Topic
04/07/15

Vendor Recommendations for Outsourcing Network and Security Services

A member is in the process of performing an outsourcing exercise for network and security services. They would like to hear from NOREX members who … read more ›

2 Comments
Closed Topic
03/26/15

Drug Supply Chain Security Act

I would like to know if other members have worked a project centered on Drug Supply Chain Security Act (DSCSA, part of the Drug Quality … read more ›

2 Comments
Closed Topic
03/23/15

Outsourcing

A member would like to know if others have encountered this scenario in their outsourcing experiences: We are getting a developer in India who will … read more ›

1 Comments
Closed Topic
02/19/15

Secure Managed FTP and File Sharing Recommendations

Can members recommend solutions for secure, managed FTP and file sharing options for sharing information with parties outside our network. We are not considering Dropbox … read more ›

9 Comments
Closed Topic
03/03/15

Non-Disclosure / Boilerplate Text

A Member is seeking some “boilerplate text” that schools use on non-disclosure documents, for example: the kind of document that most schools make people … read more ›

3 Comments
Closed Topic
01/26/15

SCORM Authoring Tools

Member is looking into SCORM authoring tools for training basic courses. They would like to hear suggestions on authoring tools other members would recommend. … read more ›

4 Comments
Closed Topic
02/26/15

Email Confidentiality Disclaimers

From what I have read, Email confidentiality disclaimers have limited legal impact. Ours is long and now we are adding marketing tidbits like awards for … read more ›

1 Comments
Closed Topic
01/27/15

Dispose/Recycle/Resell Old Backup Tapes

A member is looking for a company that could help them dispose/recycle/resell their old LTO-3 backup tapes. The primary requirement is to make sure they … read more ›

3 Comments
Closed Topic
01/19/15

Vendor Recommendation Needed

A member has merged with a similar organization and as part of this they are looking for recommendations of a neutral party to help them … read more ›

1 Comments
Closed Topic
01/02/15

Regulatory Compliance for Data Security

Feedback needed for a member regarding what laws / regulations to focus on for data security compliance? They are a medium sized, privately owned food … read more ›

1 Comments
Closed Topic
01/12/15

Applications

Does anyone know of any applications that include project management, scheduling, resource planning and can interface with Solomon (Microsoft Accounting)? … read more ›

1 Comments
Closed Topic
12/26/14

GRC Program Outline

A member is looking for examples of a full security / risk management / GRC (Governance, Risk and Compliance) program outline. They would like to … read more ›

1 Comments
Closed Topic
12/18/14

Contract Research Organizations Applications

A member is looking for what applications or tools other CROs (Contract Research Organizations) use for managing their master schedule. … read more ›

1 Comments
Closed Topic
12/10/14

Internet Sales Terms and Conditions

A member is looking for an Internet Sales Terms and Conditions that simply states what the Buyer and Seller are committing to. … read more ›

1 Comments
Closed Topic
11/27/13

Data Destruction Software

I deal with data containing HIPAA and other sensitive information. I am looking to replace our current software made by Symantec (GDisk) for wiping HD's. … read more ›

3 Comments
Closed Topic
12/16/13

Auditing Tool for SQL Server?

We are wanting to find an Auditing Solution for our MSSQL Servers. Any suggestions would be appreciated. Below are our minimum requirements: 1. Track all DML … read more ›

9 Comments
Closed Topic
10/17/14

Chain of Custody

Looking for a "Chain of Custody" Policy or Procedure. … read more ›

1 Comments
Closed Topic
10/16/14

Purchasing Microsoft software for foreign subsidiaries

A member asks: I recently got into a conversation about some companies purchasing Microsoft software for their foreign subsidiaries, to save on currency fluctuations, and … read more ›

1 Comments
Closed Topic
10/28/14

Software Asset Tracking

A Member has an in-house application that they use as a repository of all applications that IT supports. Can members recommend another off-the-shelf solution already … read more ›

4 Comments
Closed Topic
11/11/14

Considerations for European Office

What should a company consider when establishing a European remote based office in regards to MPLS, network and risks? … read more ›

2 Comments
Closed Topic
10/29/14

ZL Technologies

Does your organization utilize ZL Technologies? We are looking at a new compliance record retention application and would like to have a conversation with any … read more ›

1 Comments
Closed Topic
10/14/14

Mobile Device Management in the Financial Industry

Looking for feedback and experiences regarding what Mobile Device Management solutions members in the financial industry are using. … read more ›

5 Comments
Closed Topic
10/10/14

Identity and Access Management

What are other members using for identity and access management? We are currently considering IBM, CA and NetIQ. What are your experiences? What was your … read more ›

3 Comments
Closed Topic
09/30/14

Vendor for E-mail and File Server Searches

A member would like recommendations for vendors who perform e-mail and file server searches in relation to legal due diligence, i.e. an attorney-requested "search for … read more ›

3 Comments
Closed Topic
09/03/14

BeyondTrust to be Acquired by Veritas Capital

A member asks: What does the NOREX community think of this? Is this a good thing or is it a software holding company that tends … read more ›

1 Comments
Closed Topic
09/09/14

AppFirewall using Citrix NetScaler

Has anyone implemented AppFirewall using Citrix NetScaler? If so, who did you use? Can you share lessons learned and information about operation support? … read more ›

1 Comments
Closed Topic
08/14/14

Records Retention Policies

We are looking for Records Retention Policies that cover both paper and electronic documents. … read more ›

2 Comments
Closed Topic
08/26/14

PCI Regulation Requirements

With regard to the PCI regulation requirements 12.6, 12.6.1 and 12.6.2, does your organization add cardholder data security information to your existing annual employee coursework … read more ›

4 Comments
Closed Topic
07/31/14

Log Management Solutions

A member would like to know what Log Management Solutions others are using. They currently have Juniper Networks Security Threat Response Manager. … read more ›

2 Comments
Closed Topic
07/29/14

Information Security Office

For 25-100k staff sized companies: How do you run your Information Security Office? Do you have a simple CISO embedded in IT? CISO and ISO’s … read more ›

1 Comments
Closed Topic
06/06/14

What are others doing for Secure Printing options?

We would like to find out what people are doing for secure printing - to help reduce the amount of local printers in use. Any … read more ›

3 Comments
Closed Topic
06/05/14

CoNetrix

Has anyone worked with a company called CoNetrix (www.conetrix.com)? They are a networking, security and compliance firm. … read more ›

1 Comments
Closed Topic
05/23/14

Security vulnerability assessment

Looking to conduct an information security vulnerability assessment. Was hoping some other organizations who have gone through this already would be open to having a … read more ›

3 Comments
Closed Topic
05/13/14

Barcoding / RFID

Is your organization using barcoding and RFID to help track IT assets and do you have recommendations for vendors? Do you use RFID tags on … read more ›

3 Comments
Closed Topic
04/30/14

Canada’s Anti-Spam Legislation - CASL

On July 1, 2014 the Canadian Anti-Spam Legislation (CASL) comes into effect. It requires asking for express consent and allowing recipients to unsubscribe … read more ›

2 Comments
Closed Topic
05/07/14

Centralized File Transfer Solution

We would like to hear of experiences from members using centralized file transfer solutions such as Globalscape or Sterling's Aspera … read more ›

2 Comments
Closed Topic
05/06/14

Canadian Privacy Laws Governing Cloud Storage

Are there any Canadian Privacy laws that Canadian Companies need to be aware of when storing data in the cloud? Are there any implications if … read more ›

1 Comments
Closed Topic
04/08/14

Seeking IT Control Examples for a Compliance Manual

IT Control Examples that would be in a Compliance Manual for a Financial Services Company. … read more ›

1 Comments
Closed Topic
03/25/14

GIS Data Sharing Policy

We are considering putting together a policy for GIS data sharing. Such policy will stipulate handling procedures for data (vector and raster) requests: whom to … read more ›

1 Comments
Closed Topic
04/01/14

Varonis DatAdvantage

Does your organization use Varonis DatAdvantage and would you be willing to have a discussion? … read more ›

2 Comments
Closed Topic
02/25/14

Sensitive Data

What are others doing with identifying and removing regulated sensitive data (SSN, Credit Card Info, etc.) from desktops, laptops and servers? … read more ›

4 Comments
Closed Topic
01/31/14

Open Source Configuration Management Recommendations

What product(s) do you recommend for open source Configuration Management? Mercurial vs Subversion vs git? … read more ›

5 Comments
Closed Topic
01/22/14

Intrusion Detection Systems

Can members provide feedback on the best intrusion detection systems and their cost? … read more ›

1 Comments
Closed Topic
11/06/13

Generic Payment Services

We will soon be undertaking a RFP to evaluate solutions to augment or replace our existing payment gateway that currently processes credit card and ACH … read more ›

2 Comments
Closed Topic
01/09/14

CASL Legislation - What are organizations doing to create/integration with a system?

We are evaluating solutions for handling compliance with the CASL (Canada's Anti Spam Legislation). We currently have no system in place to handle the collection … read more ›

1 Comments
Closed Topic
11/08/13

Mobile Medical Apps

Does anyone have information about FDA requirements in regards to mobile medical applications? … read more ›

1 Comments
Closed Topic