AKIBIA'S PRACTICAL GUIDE TO ENTERPRISE TECHNOLOGY
Thursday, September 24, 2009
Don’t Put off Until Tomorrow…
The third extension for MA CMR 17 has me thinking of one of my grandmother’s favorite sayings: “don’t put off until tomorrow what you can do today.” As we all know, Massachusetts again extended the deadline for CMR 17 compliance to March 1, 2010 from January. While it’s human nature to see the extension as an opportunity to table compliance projects until the New Year, I caution against that.
While the extension gives your department breathing room, it should not mean that you stop moving forward. Use the time constructively to identify current security practices and procedures, document processes, and then map them to the requirements. This process will give you a clear picture of where you are vulnerable. Then assess the risk to the business that these gaps represent and prioritize your plans for addressing them. In the end, these proactive steps will minimize the amount of work you need to do in the long run and ensure you are well prepared to meet the requirements.
With this extension, Massachusetts made a few modifications to the requirements. The changes are designed to give companies more freedom to use different technologies to achieve compliance (for example, there is no longer a 128-bit standard for encryption), but the end goal is the same: put safeguards in place to protect consumers’ data. Those of you looking for the right steps to take to address the new regulations might find this earlier entry on CMR 17 in the Akibia blog valuable.
