My Take on the 36 Hour Rule

It doesn’t cover us. . .

. . . but we’ll agree to it anyway.
Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . .

clock displaying its hand at 36 hours in red text

I thought I’d write a quick DNL about the new 36 hour rule.  It’s due in May, so I am not surprised I’ve already held several conversations with Clients about an “impending addendum.”

I told them that we don’t believe we are covered by the rule; we deliver network monitoring, event log consolidation and monitoring, and other services that do not fall into the categories put forth in publication.  Therefore, this new rule is only applicable to providers performing those services.  As infotex is a Managed Security Service Provider, we do not provide services covered by the BSCA and are currently not required to meet the expectations in the new rule. I then told them that I would sign the agreement anyway, because as far as I’m concerned if my Clients want me to agree to something I should try to accommodate them.  I then pointed them to the rule, so they could decide for themselves.

I then called my lawyer, who gave me his blessing (yes, we can agree to this).  The conversation included this:  “Jim, I would agree not to put an oil rig in the gulf coast to avoid another BP oil rig disaster if a bank wanted me to.”

The only stipulation:  we will print the guidance in its current form and attach it to the addendum, and the addendum will say “to the extent that the 36 Hour Rule covers infotex.”

Those Clients must have then read the rule, because I have not heard back from them!

Original article by Dan Hadaway CRISC CISA CISM. Founder and Managing Partner, infotex

“Dan’s New Leaf” is a “fun blog to inspire thought in the area of IT Governance.”



Related Posts

Considerations – Why you should choose infotex, Inc. as your next MSOC!

Reasons why we should be considered! infotex provides a number of services that can be checked out if you click over to! We even made a movie with all the reasons why infotex...

The Magnificent Seven 2023

Seven Trends . . . …that small bank Information Security Officers face in 2023 Another one of those Dan’s New Leaf Posts, meant to inspire thought about IT Governance . . . . Welcom...