From regulatory compliance to corporate governance structure, everyone is involved
Topic: SMBs
In resolving many of today's legal and compliance-related mandates, it's best to understand that there is a single source from which these requirements stem. At the heart is global commerce (neither good nor bad); whether EU, APEC, WTO, or Safe Harbor, many countries have agreed to establish their own national laws for the protection of intellectual property, personal privacy, and trade secrets. This requires an agreed base standard, which today is ISO 27000. PCI, Privacy, SOX, the new HIPAA updates and many others have incorporated this standard into their particular requirements. IT and a company's legal resources must be in lockstep. The idea of creating an information management structure that is appropriate to manage all compliance and yet meet the Federal Rules of Civil Procedure is not new; simply, to those who have not applied these MIS best practices, it leads to much confusion and at times overkill.
At the heart of compliance is risk assessment and appropriateness. I have seen overkill from the perspective of legal counsel as well as IT personnel. Following the best practices of ISO 27002:2005 can go a long way in assuring a business's senior management staff that what is being developed will have an ROI through better management of what most companies feel is their second most valued asset, corporate information, and take seriously the protection of their number one valued asset - their customers', vendors', and employees' personal private information.
A lot of the governance, risk, and compliance is overstuffed with legal jargon. Try reading the Sarbanes-Oxley details and you will be wishing you had a lawyer handy. Ask any IT person if they want to be a lawyer and they will crawl under a desk and hide. Ask a lawyer if he wants to be an IT guy and he will ramble on about future technology. Solutions need to understand this limitation and help merge the two departments together.