6 Things Management Better Know About Compliance - InformationWeek


Business leaders may consider the issue of compliance daunting or dull, but it is ultimately their burden to bear.

Compliance with HIPAA, PCI, and a host of other regulations and laws is often seen by business leaders as just an expensive IT project. "Just throw technology at it and let me know when you're done." Well, it doesn't work that way.

Granted, some IT professionals will accept this approach because it grants them more power and reduces oversight of their work. After all, dealing with an uninterested, nontechnical boss is neither fun nor effective. The best-run organizations have managers who understand their important role in compliance.

Based on my work, here are six things I believe senior management and business owners must understand if their companies are to be compliant with the required standards, laws, and regulations.

1. Compliance is not a homework assignment--it is how your organization operates every day.
Sure, you may pass an audit on occasion, but audits are not a check of how you did today. The audits are a look at how you operate day in and day out: what is the process, how is it managed, how is it tracked, and how can you improve it?

2. Management has responsibilities that cannot be delegated.
For example, it should never be the IT staff's responsibility to decide how long to keep archived emails. That is a legal decision that should be defined in management's policy, managed by IT processes, and verified by either management or someone who is not in IT.

3. Systems are not compliant--organizations are compliant.
Computer systems do not operate in a vacuum. They are tools for employees. Companies are about people who use tools to do something. Compliance is about how something works, not just the tools.

4. Employees and business processes are typically a much bigger problem for compliance and security than computer systems.
Study after study has found that many more problems result from sloppy processes and employee behavior than from network breaches and hacking.

Read the rest of this article on Dark Reading.
