www.expresscomputeronline.com WEEKLY INSIGHT FOR TECHNOLOGY PROFESSIONALS
08 January 2007  

Vendor Accent

IT compliance: Challenge or opportunity?

A comprehensive compliance solution addresses organisation-wide compliance needs rather than project-based ones targeted solely at specific regulations.

By Vishal Dhupar

Compliance is perceived by most as a costly and tedious task, requiring significant investments in time and resources that could be better applied towards revenue-generating activities. Far-sighted organisations are taking a positive view of compliance, positioning compliance initiatives as a golden opportunity to ensure that fundamentally sound business principles are applied in their operations.

Accountability, integrity, risk management, custodianship and standardisation are the five basic tenets that no modern organisation can or should ignore. At the same time, they are also the foundation upon which many regulatory requirements are based. Far from being a hindrance to business objectives, close adherence to these principles is essential to building a sustainable business.

In the face of stronger trends towards globalisation, compliance can actually help organisations become more competitive, efficient and effective—today and tomorrow.

The business impact of compliance

Following the Enron and MCI WorldCom scandals, new regulations such as Sarbanes-Oxley (SOX) were framed in the US to ensure proper corporate governance and accountability from high-level officers.

Other industries, including healthcare and credit card vendors, have come up with their own regulations and standards governing privacy and security. For example, Basel II was introduced to promote greater consistency in the way banks and banking regulators approach risk management across national borders. The Health Information Portability and Accountability Act (HIPAA), which regulates the protection of medical records, and the Payment Card Industry (PCI) Data Security Standard, developed by MasterCard and Visa to improve the security of credit card payments, are both efforts at self-regulation to assuage consumer concerns.

While the bulk of new regulations hail from the US and Europe, the impact of these regulations is far-reaching as multi-national companies from these countries take their business global. A US-registered company’s operations in the Asia Pacific continue to be bound by US corporate governance regulations as much as they are back home. Asian enterprises with global dreams, as well as those that want to do business with US and European firms, must put compliance frameworks in place.

However, many enterprises are baulking at the high, and rising, cost of compliance, which in turn is driving up the cost of business operations. Some US stock exchanges are also concerned that this will discourage companies from listing with them and lead them instead to seek out stock exchanges in countries with less stringent requirements.

The good news is that others see compliance as an opportunity to create more effective, focused and accountable organisational structures and processes that will pay dividends in the long term in terms of investor confidence and sustainability.

Following the leader

There is a lot to be learnt from world-class organisations which have made significant progress on the road to compliance by starting early with greater commitment than their peers.

What is notable is that the industry leaders (top 11 percent) had taken identifiable actions that delivered exceptional results: two or fewer material compliance deficiencies. What actions were these? They had set clear, measurable objectives and, at the minimum, monitored and reported on security and compliance controls at least once a month. They dedicated at least five days per month in IT to compliance, spent more than 10 percent of their IT budgets on security, and measured results.

The lesson to be learned here for one and all is that organisations reap what they sow into their compliance efforts.

Checklist for compliance
  • Set a course
  • Identify critical facts, such as the frequency of audits, manpower requirements, etc.
  • Figure out which actions lead to better results
  • Restructure the organisation where it is necessary to do so
  • Improve capabilities and resources as and when required

An integrated approach

But where does an organisation begin? While the basics of demonstrating compliance are similar across multiple mandates, managing the details and discovering commonalities or overlaps in controls is a complex problem. Reusing control data across multiple reports and delivering evidence of compliance to regulatory bodies can require a substantial investment in upfront time and effort.

Applying industry-tested frameworks such as ISO17799, which is widely used in the region, to security policies enables organisations to utilise one set of policy rules to help manage their entire compliance effort. By adopting such a framework, companies can simplify communication, validate controls with auditors and regulators, and reduce the effort required and therefore the cost of compliance.

A comprehensive compliance solution addresses organisation-wide compliance needs rather than project-based ones solely targeted at specific regulations.

Tackling compliance with automation

IT compliance solutions have come to the forefront as an indispensable part of compliance programs. Today, enterprises are attempting to minimise fragmented initiatives and to automate audit procedures and IT security controls.

Automated solutions can take on the tedious and resource-intensive tasks of managing, maintaining, and reporting on the status of compliance to help organisations reduce the human and monetary resources required for compliance. Enterprises will also realise efficiencies and cost savings as these tools enable one person to easily generate a single report that would ordinarily take many auditors more time to generate.

The good news is that the same Security Compliance Council survey shows that two-thirds of firms are already attempting to automate audit procedures and IT security controls to help reduce labour costs and allow IT to focus on more productive pursuits. Unfortunately, it also found that more than a quarter of organisations continue to rely on costly manual methods.

Proven solutions

Identifying and managing a complex compliance environment need not be overwhelmingly expensive or difficult for an organisation. With the right automation tools in place, cost and complexity can be reduced significantly across business processes, resulting in easier reporting and measurement of compliance programs.

Organisations in the Asia Pacific should look to solution providers with a strong regional presence who can deliver comprehensive IT compliance solutions with a proven track record in helping simplify and reduce the cost of compliance, and most importantly, transform compliance into an opportunity to lead while others follow.

The author is the Managing Director, Symantec India (vishal_dhupar@symantec.com).

 


© Copyright 2001: Indian Express Newspapers (Mumbai) Limited (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by the Business Publications Division (BPD) of the Indian Express Newspapers (Mumbai) Limited. Site managed by BPD.