Business leaders may consider the issue of compliance daunting or dull, but it is ultimately their burden to bear.
Compliance with HIPAA, PCI, and a host of other regulations and laws is often seen by business leaders as just an expensive IT project. "Just throw technology at it and let me know when you're done." Well, it doesn't work that way.
Granted, some IT professionals will accept this approach because it grants them more power and reduces oversight of their work. After all, dealing with a disinterested, nontechnical boss is neither fun nor effective. The best-run organizations have managers who understand their important role in compliance.
In my work, here are six things I believe senior management and business owners must understand if their companies are to be compliant with the required standards, laws, and regulations.
1. Compliance is not a homework assignment--it is how your organization operates every day.
Sure, you may pass an audit on occasion, but audits are not a check of how you did today. The audits are a look at how you operate day in and day out: what is the process, how is it managed, how is it tracked, and how can you improve it?
2. Management has responsibilities that cannot be delegated.
For example, it should never be the IT staff's responsibility to decide how long to keep archived emails. That is a legal decision that should be defined in management's policy, managed by IT processes, and verified by either management or someone who is not in IT.
3. Systems are not compliant--organizations are compliant.
Computer systems do not operate in a vacuum. They are tools for employees. Companies are about people who use tools to do something. Compliance is about how something works, not just the tools.
4. Employees and business processes are typically a much bigger problem for compliance and security than computer systems.
Study after study has found that many more problems result from sloppy processes and employee behavior than from network breaches and hacking.