Compliance Policy
Every so often, we are asked if dbFront is compliant with one or more of the following - SOX, FISMA, HIPAA, PCI DSS...
The simple answer is that dbFront can help with compliance, but dbFront can't automatically introduce compliance. Unlike your DBA or Systems Analyst, dbFront has zero domain knowledge, so it can't automatically judge if specific fields, records or tables require special treatment.
There are technical aspects of compliance that dbFront can help with such as:
- Providing clear and robust ways to limit data access,
- Properly and securely authenticating users,
- Ensuring that web requests are managed securely and safely (e.g. SQL Injection attempts),
- Providing Audit information to your database (Audit Values).
For more details on the security features of dbFront, please see: Security
Compliance must be designed and integrated by a DBA or Systems Analyst who understands both the data and your industry-specific compliance requirements. In many cases, they can take advantage of dbFront functionality. Other compliance aspects, such as auditing or data encryption, are implemented at the database level.
In all cases, compliance is the responsibility of the Analyst or DBA who would need to ensure that your implementation is compliant.