Sun, Deloitte Team On Compliance
The initiative combines Deloitte's consulting and advisory services with Sun's IT management wares.
Sun Microsystems Inc. and Deloitte today revealed a collaborative initiative to combine and services to help companies address regulatory compliance and technology governance.
As part of this initiative, Sun and Deloitte today unveiled plans for the Center for Technology Governance and Compliance (CTGC). Access to the professionals and services within the CTGC is available through Sun Solution Centers.
Sun is positioning its information lifecycle management (ILM) and identity management software portfolios as the key technology components of the framework for implementing governance and compliance strategies and programs.
"In this time of heightened expectations for information quality, companies need to shift their thinking from a tactical, short-term approach to compliance toward a more strategic, sustainable approach that includes improved governance, standardized processes and enabling technologies," said Lee Dittmar, principal and national leader of Deloitte Consulting's Enterprise Governance practice. "Sun's technologies can be leveraged to build solutions for integrating compliance into clients' daily operations, building accountability into the IT operation and improving long-term business performance."
The CTGC will assist companies in integrating methodologies and frameworks driven by regulatory oversight requirements, such as Sarbanes-Oxley, industry requirements such as the Health Insurance Portability and Accountability Act (HIPAA), and frameworks such as Committee for Sponsoring Organizations (COSO), Control Objectives for Information Related Technology (COBIT), the IT Infrastructure Library (ITIL) and BASEL II.
The CTGC will provide four primary components:
A business, process, and technology assessment of a company's current compliance initiatives, resulting in specific recommendations to help prioritize actions to mitigate risk, efficiently sustain compliance, help meet privacy and governance requirements, and establish effective practices for long-term technology governance.
A security methodology to enable user access controls and segregation of duties that facilitates organizational efforts to enhance processes for granting user access to applications and information, and provides reporting tools and mechanisms to support periodic reviews and confirmation of user access rights.
An information governance methodology that captures, classifies, archives, retrieves, and purges appropriate corporate electronic records to comply with regulatory mandates, also enabling electronic discovery and mitigating legal risk.
A controls methodology to provide visibility into the compliance operations of an enterprise. This includes preventative and detective monitoring of ERP and other systems for configuration changes and policy violations as well as remediation procedures and workflow tracking.
About the Author
You May Also Like