Director of CISQ responds to the proposed SEC rule
Calls out importance of quality and security in automated systems supporting U.S. securities market
Needham, MA — The Consortium for IT Software Quality (CISQ) is proud to announce that its Director, Dr. Bill Curtis, submitted comments on the consortium’s behalf to the Securities and Exchange Commission (SEC) regarding proposed rule, “Regulation Systems Compliance and Integrity – Rule 1000(b)(1)”.
In the responses, Dr. Curtis made recommendations to ensure that critical structural weaknesses would be detected and fixed. Specific recommendations include:
- SCI entities should incorporate measurements of cost, quality, operational performance, and business risk of SCI software in development and testing methods;
- The structural quality of SCI Security Systems should be evaluated and measured, since many software security vulnerabilities result from poor structural quality;
- SCI systems should be reviewed and tested prior to each software release; and
- Policies compliant with the proposed rule should include a broader range of standards than currently proposed, including CISQ’s standard measure of structural quality characteristics such as reliability and security.
The proposed Rule 1000(b)(1) would require regulated organizations to implement practices that ensure the capacity, integrity, resiliency, availability, and security of automated systems supporting U.S. securities markets. It would apply to self-regulatory organizations (including registered clearing agencies), alternative trading systems, plan processors, and exempt clearing agencies subject to the Commission’s Automation Review Policy. These SCI entities would be required to comply with requirements specific to the automated systems that support the performance of their regulated activities.
The Consortium for IT Software Quality (CISQ) is an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introducing a computable metrics standard for measuring software quality and size. CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reducing cost and risk. For more information, visit www.it-cisq.org.