Making compliance work for you
Just because you passed your last compliance audit doesn't mean that you'll pass the next one. So what can you do about it? Change your perception.
If you want to be fully prepared for an audit, consider altering the way you approach compliance. Think of Sarbanes-Oxley (SOX) as an opportunity to improve your IT and operational processes and technology. Organizations that take a minimal, project-based approach with SOX - rather than treating it as an ongoing compliance program - are less likely to gain additional business value from their compliance investments. Instead, try taking a risk-based approach that identifies the impact to the business if a control fails.
For example, if your company's key source of revenue comes from its online business, things can come to a screeching halt if your Web server goes down during manual maintenance tasks. Instead, consider using automated controls to manage changes to your Web server. Replacing tedious, manual controls with automated controls will more quickly satisfy auditors and can free up your staff to focus on other innovative projects. It may be the catalyst for reviewing your existing processes, such as those for change control, and determining how they can be streamlined, simplified, and standardized.
Instead of viewing compliance as a project that must be grappled with every nine months, embrace it as a sustainable process. This approach will enable your organization to support SOX objectives and will help you run your organization more efficiently and flexibly, something that will become even more significant as IT's role in compliance continues to grow. Make compliance a part of how you do business in IT, and you will spend less time with auditors and more time running a better IT organization.
The ideas expressed in this article are solely those of the author and do not necessarily reflect the opinions of ITworld.com.
» posted by abennett
BMC Software
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
