Now that e-commerce websites are so popular, it’s hard to remember how we shopped before. On the web we can find just about any product we need, anywhere in the world, in just minutes. And when it’s time to pay, we don’t have to stand in line – we can check out in seconds. But even though it’s so easy, one concern still keeps some people from shopping online: security. Cautious shoppers worry that their personal financial data will be stolen.
In response, several credit card companies jointly developed the Payment Card Industry Data Security Standard (PCI DSS). Based on PCI DSS, Visa then developed Payment Application Best Practices (PABP), which is now known as the Payment Application Data Security Standard (PA-DSS). Since your clients will have to comply with PCI DSS and PA-DSS, they’ll expect you to be familiar with the standards and to select the technologies that make compliance easy. Keep reading…
Background: An online retailer had been contacted formally by their bank, with whom they had a merchant account to take debit and credit card payments. The retailer was not completely aware of the level of charges for different types of transaction and the precise contractual obligations and risks (e.g. for fraudulent transactions) they had adopted. Their bank was also recommending to their merchants that they appoint a preferred US-based company for advice on achieving PCI DSS compliance. The online income was only a small part of the retailer’s turnover, but provided wider access to their portfolio of products.
Approach: The retailer had to respond formally to the acquiring bank within a month. Since they were not currently PCI DSS compliant, there was a risk that if they did not reply, greater processing charges might be imposed or even that the facility could be withdrawn. Lack of compliance also opened the retailer to the risk of becoming liable to fines or financial penalties imposed by the payment card issuers and acquiring bank in order to cover the increased risk of fraud. Watson Hall met with the retailer’s team to review the payment processing data flows and undertake a gap analysis against the relevant PCI DSS requirements. Keep reading….
The purpose of a case study is to study intensely one set (or unit) of something—programs, cities, counties, work sites—as a distinct whole. What does this mean? For a program designed to encourage bars to observe the smoke free bar law, an evaluation must document the program’s impact on the bars and on the behavior of people in the bars. In a non-case study design, one might decide to observe a series of randomly selected bars to see whether bartenders take some action to enforce the smoke free bar law when customers begin to smoke.
This style of evaluation entails collecting data on bartender behavior from a random sample of bars large enough to be representative of the entire population of bars from which you sampled. In contrast, a case study design focuses on a hand-picked set of bars (sometimes even just one bar). Before the program begins, the evaluator spends time in the bar(s), observing behavior and talking with people. As the program progresses, the evaluator continues to make observations and to interview the owners, managers, employees, and customers. She might observe the bars at various times of the day to monitor compliance with other smokefree rules, such as the absence of ashtrays. Keep reading…
Making Documents Accessible: As any quality-assurance professional will attest, it can be challenging to get employees (particularly experienced ones) to consult documented procedures regularly. As humans, we are prone to cognitive biases and may overestimate our own level of comprehension or fail to notice shortcuts and errors as they creep into our well-worn routines. These biases are at play in the workplace and can lead workers to neglect written procedures in favor of their own memories or memory aids.
A classic example is the manufacturing operator who writes machine settings on his or her glove instead of walking across the suite to consult the standard operating procedures. The challenge of getting workers to consult procedures is compounded by the loss of accessibility that can accompany strict document control. This loss of accessibility is subtle but cumulative in its effects. Controlled documents are more likely to be managed by a central group in a central repository, so paper documents are not as close at hand. Read more on Making Compliance Comprehensible
A Study about Fair Work Ombudsman: Commonwealth Ombudsman
Executive Summary: The Commonwealth Ombudsman’s office has an interest in the exercise of powers that can have an impact on the rights of the public. The Office of the Fair Work Ombudsman monitors compliance by employers with the Fair Work Act 2009 (Fair Work Act), as well as relevant awards. One way it does this is by investigating claims made by employees about their employers. To assist it in these investigations, the Office of the Fair Work Ombudsman has certain powers that allow it to obtain information and documents. For the purpose of this report, these powers will be referred to as coercive information-gathering powers. Our office receives complaints about the Office of the Fair Work Ombudsman from both employers and employees. As employers are often the subject of an investigation by the Office of the Fair Work Ombudsman at the time they complain to us, it can be difficult for us to undertake an investigation without running the risk of intruding upon its investigation.
We decided to undertake our own investigation to gain a better understanding of the Office of the Fair Work Ombudsman’s internal processes when using its coercive information-gathering powers during an investigation. In undertaking this investigation, we relied upon a recent report by the Administrative Review Council (ARC) that sets out 20 best practice principles for the exercise of coercive information-gathering powers. The ARC principles were used as a way of assessing the Office of the Fair Work Ombudsman’s practices and procedures. Overall the investigation found that the Office of the Fair Work Ombudsman has practices and procedures that help it to comply with the majority of the ARC principles. The report highlights several positive examples for other agencies seeking to achieve best practice in this area. This is one of the factors that has influenced us to publicly release the report. Read more in Fair Work Ombudsman
A Study report on Leadership As A Function Of Power
How can power be used to influence behavior? How many types of power exist? Which are most likely to produce the compliance and commitment we seek from subordinates and peers? These kinds of questions have been studied and discussed for centuries. A scholarly analysis of recent research is offered by Gary A. Yukl, State University of New York at Albany, in his several textbooks on leadership. Specifically, his textbook, Leadership in Organizations, Second Edition, published in 1989, reviewed the research to date on power and how it influences behavior and leadership effectiveness. Two of his tables on the subject and selected short excerpts are included here. Keep reading…
Today’s organizations have a complex security management challenge on their hands. They need to orchestrate a broad range of security processes and technologies to secure their organizations in the face of increasing pressure to demonstrate compliance with a host of new regulations. More important, organizations must mitigate risk and maximize security in a way that ensures business continuity, maintains budgets, and achieves operational efficiencies across the board.
Check Point security management solutions are designed as an interoperable system based on a core unified security architecture which enables the central control of security policy across multiple layers of the infrastructure. This enables organizations to achieve maximum security effectiveness through the efficient day-to-day monitoring and updating of security policy and defenses. A central console provides administrators with total visibility across their security infrastructure, providing evidence of proper security controls and highlighting potential weaknesses in their defense system. Click here to read more…
Case Study about Home-Based Business and Government Regulation
Introduction: Government regulations typically have a disproportionately large impact on very small businesses. Studies using various methodologies have found that unit costs of complying with regulations are consistently higher for businesses with fewer than 20 employees than for businesses with over 500 employees that use similar compliance measures. Very little is known about size differences below 20 employees or other aspects of very small businesses that may influence the size and nature of regulatory impacts.
Home-based businesses, which make up roughly half of all U.S. businesses, are of particular interest because of their potential as a wellspring of economic activity. Homes are, in effect, do-it-yourself business incubators, which collectively provide start-ups with an entry point into the business world. Home-based businesses as a group have been characterized, but little more has been done in the way of analysis. A general goal of this study is to advance the understanding of regulatory burdens on home-based businesses, as opposed to non-home-based very small businesses. Keep reading…
Since our first audits in 2006, we’ve expanded to more countries and more supplier categories. We’ve conducted audits in 14 countries, and in 2012, our audits covered nearly 1.5 million workers. We also perform audits in select nonproduction facilities, including call centers and warehouses. In addition, we conduct specialized audits focusing on areas such as the environment and safety. We audit our final assembly manufacturers annually, and we audit other facilities based on certain risk factors, including location and geographic sensitivities, past audit performance, and the nature of the facility’s work. Since many smaller suppliers have never been exposed to auditing, our audits often identify ways to enable operations to comply with our standards. This effort not only improves working conditions at these suppliers, it also helps improve conditions industrywide, since many of our peers use the same companies.
Core violations and corrective action: Apple considers the most serious breaches of compliance to be core violations. These include physical abuse; underage, debt-bonded, or forced labor; falsification of information or obstruction of audit; coaching workers for audits or retaliating against them if they provide information; bribery; significant pollution and environmental impacts; and issues posing immediate threat to workers’ lives or safety. All core violations must be stopped and corrected immediately. Our preference is to fix problems so they don’t happen again rather than just fire the supplier—which would likely let these violations continue for other customers. However, if a violation is particularly egregious, or if we believe a supplier is not fully committed to stopping the behavior, we terminate our relationship with that supplier and, when appropriate, report the behavior to the proper authorities. Keep reading…
Case Study about Analysis of the Ontario Power Authority
Executive Summary: This report focuses on the Ontario Power Authority’s (OPA) consideration of environmental sustainability in the development of the proposed Integrated Power System Plan (IPSP). The research was centred on a comparison of what the OPA did with what should reasonably be expected of the OPA in meeting the requirement, contained in Ontario Regulation 277/06 (The IPSP Regulation), for ensuring due consideration of environmental sustainability in plan development. In its decision on issues to be considered in the IPSP hearing, the Ontario Energy Board indicated that in order to meet this requirement the OPA is required to demonstrate that it has “weighed and evaluated” environmental sustainability in a way that is “meaningful” in the development of the IPSP.
Introduction: The Ontario Power Authority (OPA) has submitted a 20-year Integrated Power System Plan (IPSP) for review by the Ontario Energy Board (OEB). Submission of this plan is intended to meet requirements set out chiefly in three authoritative documents: the Ontario Electricity Act, 1998, as amended, the IPSP Regulation (Ontario Regulation 424/04) under that Act, and the Ontario Minister of Energy’s “Supply Mix Directive,” issued on 13 June 2006. The main requirements relevant to this report are those concerning compliance with the supply mix directions, assurance of economic prudence and cost effectiveness, and consideration of safety, environmental protection and environmental sustainability in the development of the plan.