Gartner analysts said that enterprises that have security and business continuity planning (BCP), a document management system, and a business process management (BPM) system in place already have the foundations for a compliance architecture.
"Vendor hype suggests that a wide variety of technologies is the answer to compliance with the Sarbanes-Oxley Act, but governance and compliance are no different than most other business issues," said Brian Wood, research director for Gartner, in a prepared statement. "A compliance architecture doesn't necessarily require new software investments and does not need to be implemented across the enterprise in a single step. Most organizations will find that they already have many of the software tools they need."
By establishing a compliance architecture, enterprises will be able to reduce the cost of regulatory compliance because such an architecture "eliminate(s) requirements to hire external auditors or consultants every time a new law appears," said Rich Mogull, research director for Gartner.
Mogull said that to build the most effective compliance architecture, enterprises should expand and standardize the use of BCP, document management systems, and BPM, and should add "some business intelligence and perhaps a compliance tool for reporting," as well.