KnowledgeTree in Compliance Scenarios
From KnowledgeTree Document Management Made Simple
Introduction
Regulatory compliance certification is typically undertaken by the system operator, not by the software vendor. Regulatory compliance is a function of both the technologies used and, most importantly, of the processes put in place around those technologies.
Go to Health Insurance Portability and Accountability Act for more information.
Functionality and Open Source
KnowledgeTree provides user and document security controls and activity audit trails, which support accountability, non-repudiation, and appropriate access controls. Additionally, KnowledgeTree’s open source nature ensures that your organization can easily audit the application source code itself and satisfy itself that no vendor security bugs or backdoors are present.
General Security
You should familiarize yourself with general security best practices for your operating system platform and review the KnowledgeTree Security Primer.
Authentication and Authorization Policy
In a regulatory compliance scenario, we recommend that KnowledgeTree be configured to use a centralized LDAP or Microsoft Active Directory directory server to manage corporate authentication and authorization. The directory server should implement well-thought-out policies that reflect best practice for password complexity and aging.
Encryption and Signing
You may elect to encrypt your server drives to ensure that, should the drives be stolen or incorrectly decommissioned, their contents are not accessible: http://www.truecrypt.org/
Additionally, we recommend that you bolster the digital signing and non-repudiation of documents with a tool such as GPG: http://www.gnupg.org/
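As an added illustration of the GPG recommendation above (example script written for this page, not part of KnowledgeTree), the following creates a detached signature for a document, verifies it, and shows that any change to the document content is rejected. It assumes GnuPG 2.1 or later on the PATH and uses a throwaway keyring and a constructed signer identity; the file names and the `signer@example.invalid` address are placeholders.

```shell
#!/bin/sh
# Added example: detached GPG signatures for document non-repudiation.
# A temporary GNUPGHOME keeps this self-contained; in production the signing
# key belongs to the document author, not to the shared KnowledgeTree server.
set -eu

export GNUPGHOME="$(mktemp -d)"
WORK="$(mktemp -d)"

# Throwaway signing key with no passphrase (constructed identity, example only).
gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
    --quick-generate-key "Doc Signer <signer@example.invalid>" default default never 2>/dev/null

# sign_document FILE: writes FILE.sig, an ASCII-armored detached signature.
# Keeping the signature detached leaves the stored document byte-for-byte intact.
sign_document() {
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --armor --detach-sign --output "$1.sig" "$1"
}

# verify_document FILE: exit 0 only if FILE.sig is a valid signature over FILE
# by a key in the keyring. Log this result in the audit trail, not just "signed".
verify_document() {
    gpg --batch --quiet --verify "$1.sig" "$1" 2>/dev/null
}

# Constructed sample document.
printf 'Retention policy v1: keep records for 7 years\n' > "$WORK/policy.txt"
sign_document "$WORK/policy.txt"
verify_document "$WORK/policy.txt" && echo "policy.txt: signature valid"

# A one-character change with the original signature copied alongside must fail.
printf 'Retention policy v1: keep records for 6 years\n' > "$WORK/tampered.txt"
cp "$WORK/policy.txt.sig" "$WORK/tampered.txt.sig"
if verify_document "$WORK/tampered.txt"; then
    echo "tampered.txt: UNEXPECTEDLY valid"
else
    echo "tampered.txt: signature rejected"
fi
```

Store the `.sig` next to each document version in the repository so that a later reviewer can re-run verification independently of the application; signatures made with a key held on the server only prove that the server signed, not that a specific user did.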
It’s likely that, in future, we will release support for GPG and other encryption technologies, in order to provide more of the compliance technology solution 'out of the box'.