Compliance

With ITC compliance such a broad topic it is easy to see how IT can lose direction and momentum when ensuring that business compliance requirements underpin operational considerations. 

Issues as to privacy, policy and procedure, certification and qualification are generally acknowledged but fully understanding their impact, and implementing systems to ensure that you are compliant, may not always be straightforward.

Without discounting the topic as a whole, there are several ‘hot items’ that continually confront IT.  By just addressing these areas can go a long way to reducing compliance risk: identity life-cycle management (ILM) with a focus on authentication and authorisation document life-cycle management (DLM) focusing on retention and recovery electronic asset management with a focus on software licensing (SAM) monitoring.

Marketing Pitch
The proliferation of cheap micro mass-storage devices attachable to any PC, the diverse methods of communication like instant messaging and VOIP incorporating peer-to-peer file transfer and myriad different service providers or protocols make data portability and the loss of confidential electronic data or intellectual property the issue that it is today. 

A driving force behind compliance systems is regulation but the impact of industry based best practice, combined with industry recognised vendor certifications, cannot be discounted.  Both are real and increasingly becoming effective and mandatory elements of the policies and procedures that affect ITC professionals and the projects they undertake. 

Global enablement via IT exposes every organisation to innumerable risks.  Identity theft, fraud, malicious attacks … the ‘risk-list’ just goes on and highlights the need for organizations to control and secure access to applications and information. 

A business must allow access to someone to do something, or there is no business, but how do we know it is the right thing?