News
3/9/2012 10:37 AM

6 Things Management Better Know About Compliance

Business leaders may consider the issue of compliance daunting or dull, but it is ultimately their burden to bear.

Compliance with HIPAA, PCI, and a host of other regulations and laws is often seen by business leaders as just an expensive IT project: "Just throw technology at it and let me know when you're done." Well, it doesn't work that way.

Granted, some IT professionals will accept this approach because it grants them more power and reduces oversight of their work. After all, dealing with a disinterested, nontechnical boss is neither fun nor effective. The best-run organizations have managers who understand their important role in compliance.

From my work, here are six things I believe senior management and business owners must understand if their companies are to comply with the standards, laws, and regulations that apply to them.

1. Compliance is not a homework assignment--it is how your organization operates every day.
Sure, you may pass an audit on occasion, but audits are not a check of how you did today. The audits are a look at how you operate day in and day out: what is the process, how is it managed, how is it tracked, and how can you improve it?

2. Management has responsibilities that cannot be delegated.
For example, it should never be the IT staff's responsibility to decide how long to keep archived emails. That is a legal decision that should be defined in management's policy, managed by IT processes, and verified by either management or someone who is not in IT.

3. Systems are not compliant--organizations are compliant.
Computer systems do not operate in a vacuum. They are tools for employees. Companies are about people who use tools to do something. Compliance is about how something works, not just the tools.

4. Employees and business processes are typically a much bigger problem for compliance and security than computer systems.
Study after study has found that many more problems result from sloppy processes and employee behavior than from network breaches and hacking.

Read the rest of this article on Dark Reading.
