NASD

Huh, what?

NASD – National Association of Securities Dealers

Recently I was asked about the audit requirements of the NASD and whether I had any experience writing corporate governance policies as they relate to NASD.  I specifically stated that I did not; however, with SEC, SOX, GLB, PCI, HIPAA, COBIT, and DoD auditing experience, I told them that I could definitely step up to the challenge.  In the process of my reading it came to my attention that many firms are offering various guidance services to help companies figure out what these requirements mean.

 Sorry, I’ve broken my train of thought.  Went to answer the door and the neighbor had brought over dinner.  Heh…being single is nice sometimes!

Anyhow, on with the saga of audits!

So as you can see, there are many acronyms out there, and many, many more I did not list.  However, in my experience, if you understand the basics of why these different things were put into place, everything else simply falls into line for your audit.  Here are eight points to get you started:

1.  Ensure your passwords are “strong” passwords.

2.  Stored passwords must never be kept in the clear: hash them (or encrypt them only where the application genuinely needs the secret back), keep the password store access-controlled and password protected, and track access to and modification of it in some manner.
 
3.  Identify any and all IT equipment used to store, or that may contain, SSNs, account numbers, credit card numbers or other “covered” data.  Ensure the files/databases holding it are encrypted, with access/modification tracking.
Note:  This includes CDs, DVDs, tapes, memory sticks, handheld devices and any other transportable media that may contain data covered by the specific audit you are going through.  Delete the data, destroy the media, or secure the media in a locked location.

4. Review all servers to which you have access for covered data. Delete or encrypt any files with covered data.

5.  Ensure that Antivirus software is installed and up to date.

6.  Ensure systems have the latest security patches.

7.  Lock up any paper documents with covered data.  If they are no longer needed, destroy them in an approved manner (for instance, hire a document management company to shred CDs, disks, and paper).

8.  Last, but by no means least: document, Document, DOCUMENT EVERYTHING!  How does your network communicate, what happens with traffic (such as customer data on the network, credit card data, financial data, account data, health records, etc.), who has what access, DR planning, security incident response (SIR) planning for breached data, and so on.
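Points 3 and 4 above call for sweeping servers and media for covered data before deciding what to delete or encrypt.  The script below is an added example of that sweep; it is not code from the original post.  It walks a directory tree and reports files that appear to contain US SSNs or payment card numbers, using a Luhn mod-10 check to drop most random digit runs and masking all but the last four digits so the report itself does not become a new copy of the covered data.  The regexes, the plausibility rules and the sample files it writes to a temporary directory are this example's own choices; tune the patterns to whatever data types your audit actually covers.

```python
"""Sweep a directory tree for files that appear to hold "covered" data
(US SSNs and payment card numbers) so they can be deleted or encrypted.

Added example for this post, not part of the original.  Patterns, the
plausibility rules and the constructed sample files are assumptions.
"""
import os
import re
import shutil
import tempfile
from dataclasses import dataclass

# 3-2-4 digits, optionally separated by a dash or space, not inside a longer
# digit run.  Undashed 9-digit runs (phone numbers, IDs) are the noisy case.
SSN_RE = re.compile(r"(?<!\d)(\d{3})[- ]?(\d{2})[- ]?(\d{4})(?!\d)")
# 13-19 digits with optional single dashes/spaces between them; Luhn filters
# most accidental matches such as order numbers.
CARD_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check that every real payment card number passes."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def plausible_ssn(area: str, group: str, serial: str) -> bool:
    """Reject values the SSA never issues: area 000/666/900+, group 00, serial 0000."""
    a = int(area)
    return not (a == 0 or a == 666 or a >= 900 or int(group) == 0 or int(serial) == 0)


@dataclass
class Finding:
    path: str
    kind: str       # "ssn" or "card"
    line_no: int
    masked: str     # report keeps only the last four digits


def scan_text(path: str, text: str) -> list:
    """Return Findings for every plausible SSN or Luhn-valid card number in text."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for m in SSN_RE.finditer(line):
            if plausible_ssn(*m.groups()):
                digits = "".join(m.groups())
                findings.append(Finding(path, "ssn", line_no, "***-**-" + digits[-4:]))
        for m in CARD_RE.finditer(line):
            digits = re.sub(r"[ -]", "", m.group(0))
            if 13 <= len(digits) <= 19 and luhn_ok(digits):
                findings.append(Finding(path, "card", line_no, "*" * (len(digits) - 4) + digits[-4:]))
    return findings


def scan_tree(root: str, max_bytes: int = 10_000_000) -> list:
    """Walk root and scan every regular file up to max_bytes as text."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            path = os.path.join(dirpath, name)
            if os.path.getsize(path) > max_bytes:
                continue
            with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                findings.extend(scan_text(path, fh.read()))
    return findings


def demo() -> list:
    """Write constructed sample files to a temp dir, sweep it, and return the findings."""
    root = tempfile.mkdtemp(prefix="covered-data-sweep-")
    try:
        os.makedirs(os.path.join(root, "exports"))
        samples = {                     # constructed sample content, not real data
            "hr.txt": "employee 42\nssn 123-45-6789\nphone 555-123-4567\n",
            "exports/orders.csv": "order,1234 5678 9012 3456\ncard,4111 1111 1111 1111\n",
            "notes.txt": "nothing covered here, badge 000-12-3456 is not an SSN\n",
        }
        for rel, body in samples.items():
            with open(os.path.join(root, rel), "w", encoding="utf-8") as fh:
                fh.write(body)
        return scan_tree(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.kind}\t{f.path}:{f.line_no}\t{f.masked}")
```

Running it against the sample directory reports one SSN and one card number; the phone number, the Luhn-failing order number and the 000-area value are all ignored.  Treat the output as a work list for point 4 (delete or encrypt), and keep the report itself in the same locked-down location as the data it describes.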

Then I encourage you to look up specifics.  Please keep in mind I am approaching this from an IT perspective and none other at this moment in time.  There are plenty of resources on the web for you to look up.

heh.  :p  I’m always available on a contract basis to help you more in depth …

Note:  This is an as-is document with no warranty, implied or otherwise.  It is by no means meant to state specifically what will help you complete a particular audit.  As stated, either contact a consultant or an experienced IT audit firm for more specific help in preparing your organization for compliance with these laws/acts/guidelines.


One Response to “NASD”

  1. Regulatory compliance for financial firms is always interesting.
    I don’t handle NASD compliance as much (stepped out of that arena and focused on SEC compliance for investment advisers) but it is some onerous stuff.

    I respect anyone w/ IT expertise in this arena. If you’d like, kindly send some info on your firm and we can make this available to our clients who often seek assistance finding professionals.

    Thank you!

    Best regards from the Leelanau Peninsula –

    B. Dickinson
