Getting to Compliance (IT Governance, Part 2)

Last issue we introduced IT Governance in general, some of its history and some of the regulations that compel us to embrace it.  We’ve acknowledged that it is, for many of us, an unpopular necessity. But we’ve also seen the golden promise of good that can

The Law

Are any of the new regulations going to affect you and your company? In a word: yes. It is very likely that these, or other regulations that impact IT Governance, will affect you.

One of the most far-reaching is the Payment Card Industry Data Security Standard, or PCI DSS. It applies to anyone that accepts payment cards (credit or debit), and its requirements affect fees and rates: the better the compliance, the lower the fees and rates. Money is a great motivator! Prison can be a great motivator, too. The Sarbanes-Oxley Act in the US has opened avenues for criminal prosecution along with whistle-blower protections.

From securities and banking to health privacy and credit cards, regulations are being created or tightened that have to do with protecting data and controlling IT access and change. If your industry doesn't have requirements yet, you won't have to feel left out for long. If you are a publicly traded company outside the US, your own country is bringing similar requirements to you. Not publicly traded at all? Not to worry: the definitions are broadening to include most companies that even do business with publicly traded companies. One way or another, sooner or later, regulations that impact IT Governance are going to touch your organization.
