09-24-13

Contact:
Julie Pike
OMG
+1-781-444 0404
[email protected]

Director of CISQ Responds to Proposed SEC Rule
Calls out importance of quality and security in automated systems supporting U.S. securities market

Needham, MA - 09-10-2013 - The Consortium for Information & Software Quality (CISQ) is proud to announce that its Director, Dr. Bill Curtis, submitted comments on the consortium's behalf to the Securities and Exchange Commission (SEC) regarding the proposed rule "Regulation Systems Compliance and Integrity - Rule 1000(b)(1)".

In the responses, Dr. Curtis made recommendations to ensure that critical structural weaknesses would be detected and fixed. Specific recommendations include:

  • SCI entities should incorporate measurements of cost, quality, operational performance, and business risk of SCI software in development and testing methods;
  • The structural quality of SCI Security Systems should be evaluated and measured, since many software security vulnerabilities result from poor structural quality;
  • SCI systems should be reviewed and tested prior to each software release; and
  • Policies compliant with the proposed rule should include a broader range of standards than currently proposed, including CISQ's standard measure of structural quality characteristics such as reliability and security.

The proposed Rule 1000(b)(1) would require regulated organizations to implement practices that ensure the capacity, integrity, resiliency, availability, and security of automated systems supporting US securities markets. It would be applied to self-regulatory organizations (including registered clearing agencies), alternative trading systems, plan processors, and exempt clearing agencies subject to the Commission's Automation Review Policy. These SCI entities would be required to comply with requirements specific to the automated systems that support the performance of their regulated activities.

To view Part 1 and Part 2 of Dr. Curtis's response letters, visit the CISQ website at www.it-cisq.org.

About CISQ 
The Consortium for Information & Software Quality (CISQ) is an IT industry leadership group comprised of IT executives from the Global 2000, system integrators, outsourced service providers, and software technology vendors committed to introducing a computable metrics standard for measuring software quality and size. CISQ is a neutral, open forum in which customers and suppliers of IT application software can develop an industry-wide agenda of actions for improving IT application quality and reducing cost and risk. For more information, visit www.it-cisq.org.

About OMG
The Object Management Group® (OMG®) is an international, open membership, not-for-profit technology standards consortium. OMG Task Forces develop enterprise integration standards for a wide range of technologies and an even wider range of industries. OMG's modeling standards enable powerful visual design, execution and maintenance of software and other processes. Visit www.omg.org for more information.

###

Note to editors: For a listing of all OMG trademarks, visit https://www.omg.org/legal/tm_list.htm. All other trademarks are the property of their respective owners.