The Compliance Angle

By Subraya Mallya - April 2007 | Topics - Compliance, Configuration Management, Data Security

While IT is focused on getting its arms around the Application Management problem, regulatory mandates like Sarbanes-Oxley (SOX), HIPAA, the PCI Data Security Standard, FDA 21 CFR Part 11, the Gramm-Leach-Bliley Act, FISMA and Basel II are pushing IT and business users to the brink with a myriad of compliance and audit requirements. Having visibility into all the controls in the system, managing the change process and reporting on the controls and changes has become the main focus of most companies.

While companies currently treat IT Management and Compliance as two distinct needs, I am here to tell you that, if implemented correctly, the ITIL concepts around Change Management, Configuration Management and Release Management (aka CCR) will go a long way toward establishing the framework companies need for their compliance requirements as well.

With Configuration Management taken a level down from the Application Infrastructure to the Application Controls level, having visibility, dependency mapping and monitoring of changes will in effect satisfy some of the key IT Management requirements in SOX 404. Similarly, monitoring access management in the application should help companies ensure that confidential information such as credit card data stored in the application is secure and not accessed by unauthorized personnel, thus meeting the needs of the PCI Data Security Standard.

Once CCR is focused at the Application Controls level, reporting on the controls becomes easier. Almost 80% of compliance requirements are about reporting on the controls and on access information.
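As an added illustration of the two preceding paragraphs (it is not code from the original post), the following Python sketch applies CCR thinking at the application-controls level: configuration items are mapped to the controls they support, every change to a controlled item is checked against an approved change request, reads of sensitive data stores are checked against the roles allowed to see them, and the exceptions are grouped per control in the shape an auditor asks for. All item names, control labels, roles, change requests and audit records are constructed for the example.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical map of application-level configuration items to the compliance
# controls they support (illustrative names, not a real CMDB).
CONTROL_MAP = {
    "gl.journal_approval_limit": ["SOX-404"],
    "ar.card_number_masking": ["PCI-DSS"],
    "hr.payroll_export_job": ["SOX-404"],
}

# Hypothetical access policy: protected resource -> (allowed roles, controls it supports).
ACCESS_POLICY = {
    "ar.card_vault": ({"payments_service"}, ["PCI-DSS"]),
    "gl.journals": ({"accountant", "controller"}, ["SOX-404"]),
}

# Approved change requests: id -> the single item each one authorizes (constructed).
APPROVED_CRS = {
    "CR-101": "gl.journal_approval_limit",
    "CR-102": "hr.payroll_export_job",
}


@dataclass(frozen=True)
class ChangeEvent:
    ts: str
    item: str
    old: str
    new: str
    actor: str
    cr_id: Optional[str]  # None when the change was made without a change request


@dataclass(frozen=True)
class AccessEvent:
    ts: str
    user: str
    role: str
    resource: str
    action: str


# Constructed sample records standing in for the application's audit trail.
CHANGES = [
    ChangeEvent("2007-04-02T09:15", "gl.journal_approval_limit", "10000", "50000", "jdoe", "CR-101"),
    ChangeEvent("2007-04-03T17:40", "ar.card_number_masking", "on", "off", "tsmith", None),
    ChangeEvent("2007-04-04T11:05", "hr.payroll_export_job", "weekly", "daily", "jdoe", "CR-101"),
    ChangeEvent("2007-04-05T08:00", "ui.theme", "blue", "green", "tsmith", None),
]
ACCESSES = [
    AccessEvent("2007-04-03T17:41", "tsmith", "developer", "ar.card_vault", "read"),
    AccessEvent("2007-04-03T18:00", "pay-svc", "payments_service", "ar.card_vault", "read"),
    AccessEvent("2007-04-04T12:30", "mlee", "accountant", "gl.journals", "read"),
]


def unauthorized_changes(changes, approved=APPROVED_CRS, control_map=CONTROL_MAP):
    """Changes to controlled items that have no change request, or whose change
    request authorizes a different item. Items outside the control map are ignored."""
    findings = []
    for c in changes:
        if c.item not in control_map:
            continue
        if c.cr_id is None:
            findings.append((c, "no change request"))
        elif approved.get(c.cr_id) != c.item:
            findings.append((c, f"{c.cr_id} does not cover {c.item}"))
    return findings


def unauthorized_access(events, policy=ACCESS_POLICY):
    """Access to a protected resource by a role outside its allowed set."""
    return [e for e in events if e.resource in policy and e.role not in policy[e.resource][0]]


def control_report(changes, accesses, control_map=CONTROL_MAP, policy=ACCESS_POLICY):
    """Group change and access exceptions by the control they affect."""
    controls = {ctl for ctls in control_map.values() for ctl in ctls}
    controls |= {ctl for _, ctls in policy.values() for ctl in ctls}
    report = {ctl: [] for ctl in sorted(controls)}
    for c, why in unauthorized_changes(changes, control_map=control_map):
        for ctl in control_map[c.item]:
            report[ctl].append(f"{c.ts} {c.actor} changed {c.item} {c.old}->{c.new} ({why})")
    for e in unauthorized_access(accesses, policy):
        for ctl in policy[e.resource][1]:
            report[ctl].append(f"{e.ts} {e.user} ({e.role}) {e.action} {e.resource} not permitted")
    return report


if __name__ == "__main__":
    for control, exceptions in control_report(CHANGES, ACCESSES).items():
        print(f"{control}: {len(exceptions)} exception(s)")
        for line in exceptions:
            print("  " + line)
```

The point of keeping the control map and the access policy as data is that the same monitoring code then serves SOX 404 and PCI DSS alike; the per-control grouping at the end is the reporting that makes up most of the compliance burden.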
