Compliance Control: How Regulations Are Changing The Enterprise
Jason Bloomberg, a senior analyst with ZapThink, compares staying in compliance to speeding on the highway, but speeding less than the car in the other lane.
According to Bloomberg, to stay out of sight of the regulatory bodies, organisations try their best to be more compliant than other organisations.
Bloomberg said one of the key challenges that companies face is implementing the appropriate governance. He said, "Governance is basically coming up with an approach to creating and communicating policies that apply to the organization, as well as giving people rules to follow those policies and then enforcing those policies and mitigating any policy issues that result."
According to Bloomberg, companies aren’t willing to spend massive amounts of money on compliance-related process improvement unless a specific mandate instructs them to do so.
Bloomberg explains that IT should always be involved in the governance process, where it can be called upon to provide, for example, a policy infrastructure or a policy life cycle management capability, so that there’s always a way to store policies, update them, and retire them over time.
Whether you’re talking Sarbanes-Oxley, HIPAA, FISMA, Gramm-Leach-Bliley, or other regulations, compliance spins a complex web for companies. Securing enterprise perimeters to protect from attacks is one thing, but doing that and ensuring that company data and procedures are compliant is another, far more challenging matter.
Handling compliance-related issues often requires complicated processes and procedures, though an increasing horde of solutions from software and service vendors gives companies a helping hand.
Still, it’s a difficult process integrating compliance into enterprise strategy, particularly when employees struggle to understand that compliance should be a regular part of business operations and not a separate procedure.
In a survey sponsored last year by the Security Compliance Council, three out of four organisations said they must comply with two or more regulations, while almost half must comply with three or more regulations. Meanwhile, organizations are spending an average of 34 percent of their IT resources on procedures designed to help the companies comply with regulations.
While many experts state that IT-centric automation is key to successfully handling compliance demands, real-world evidence that automation is the answer isn’t quite widespread. Some companies complain that current compliance solutions can’t effectively mesh with their existing infrastructure, a problem that can potentially lead to more security holes and compliance problems than what previously existed.
By adopting a service-oriented approach, companies can organize their IT departments to meet an entire range of business needs, Bloomberg says.
With closer relationships between business and IT personnel, companies can be more adept at recognizing which regulations affect which processes and how they affect them.
Copyright © 2004 Software & Support Media