HealthcareInfoSecurity.com - Information Security News, Regulations, & Education

Healthcare Information Security Webinars

Time: The Hidden Risks -- How to Create Compliant Time Practices

"Presenter seemed to have an excellent grasp on the topic!"

Quick Overview

Credit Eligible
HealthcareInfoSecurity.com annual members can use this content toward their membership credits and transcript tracking.

Is your organization vulnerable to a security breach or regulatory action because of its inaccurate time-setting practices?

Too often we take time for granted. Yet, it's critical to securing our operations and validating the integrity of our data - especially in the event of a security breach or a legal action. Register for this session to learn:

  • The greatest regulatory and legal risks re: time;
  • Where to find your greatest exposures;
  • How to establish a compliant, accurate time-setting practice.



Background

Your organization's time-keeping practices are essential for the creation and maintenance of accurate, compliant and provable electronic data. If the timestamps in your data records are not reliable:
  • Your transaction processing applications will fail;
  • Forensics and audit log management will become a nightmare;
  • You may run afoul of regulatory and industry requirements; and
  • Courts may reject your electronic data as inadmissible.

Time is a major component in complying with the Payment Card Data Security Standard ("PCI DSS") as well as the Financial Industry Regulatory Authority Order Trail Audit System ("FINRA OATS").

Time also plays a major role in addressing the FFIEC's objectives for the integrity of data and accountability ("FFIEC Information Security Examination Handbook," p.6).

Yet for all time's importance, we understand little about how our systems actually generate and maintain time, or about the significant deficiencies in most time practices.

For example, as a compliance officer, would you accept a critical business process that was supported by a third party that refused to be audited or enter into a service level agreement?

- What if there was no way to even verify the identity of the third party that provided the critical support?

- What if one of your critical systems accepted input from several company locations and external partners across multiple time zones and it was practically impossible to determine the actual time of day on the various time stamps?

- What if one of your systems was dependent on a single source for critical data and no automatic failover process or backup strategy existed?

Most people would be surprised to learn that these problems are common in the vast majority of businesses with respect to how they manage time.

This webinar provides an introduction to how digital time is communicated and maintained in electronic commerce, the various sources for time and the significant vulnerabilities in the existing time practices used in most companies. The presentation will give you detailed recommendations for how to address these vulnerabilities and the basic components for a compliant time-keeping practice.

 

Presented By

Bill Sewall

Bill Sewall is an information security, compliance and risk management specialist with 30 years' experience as a corporate attorney and general counsel, CIO, information security officer, and operational risk manager. Most recently, Sewall spent 10 years as a senior executive information security officer at Citigroup, including management of the IS training and awareness program and responsibility for the Citigroup IS Policy and Standards.

In his career, Sewall has managed information security compliance requirements for one of the largest financial services organizations in the world, implemented that institution's information security program at the business unit level and developed the information security awareness training program. He currently provides IS risk management and training services through ISRMC, LCC.

