1 / 18

Compliance: Risks and Rewards for IT

Understand the challenges and opportunities of compliance in IT. Learn about the impact on data management, architecture considerations, and the importance of a comprehensive compliance strategy.

etheriot
Download Presentation

Compliance: Risks and Rewards for IT

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Compliance: Risks and Rewards for IT Michael Krieger Ziff Davis Market Experts

  2. Welcome • What you’ll learn • Keynote/Participants/Panelists • Housekeeping

  3. The Compliance Morass • Tangled Issues: Over 10,000 regulations in the US alone • Federal, State and Local • Some US regulations conflict with foreign regulations • Compliance isn’t just Sarbanes-Oxley, and isn’t just for public companies • DOT, Gramm-Leach-Bliley, HIPAA, OSHA, Patriot Act • Healthcare and Life Sciences have a particularly heavy load of regulations with which to deal

  4. Market Drivers – Compliance Impact • Financial Services • Maintain growth, reduce costs, accelerate access to information • Life Sciences • Need to speed development, discovery • Healthcare • Close ‘technology gap,’ security, privacy • Government • Consistency/standards, information security

  5. Compliance: Business View • Defining “compliant” records • Executive Accountability – Legal Liabilities • Non-compliance impacts the bottom line • Prison terms and fines possible • Opportunity to re-think processes, procedures, infrastructure • Inside IT and through the enterprise • Goal: Turn compliance to competitive advantage

  6. Benefits Becoming Clearer Source: CIO Insight/Gartner survey of 182 organizations

  7. Compliance: IT’s Opportunities • IT’s mandate: “Do More with Less” • Technology/IT’s role in data mgmt as relates to compliance • Retain, protect and maintain access to an ever-growing amount of data for audit • Storage Architecture Implications • Hardware to support all types of archival • Management software to automate processes • Compliance solution that leverages existing infrastructure • IT can MAKE or BREAK successful compliance solution implementation

  8. New Targets: CIOs and CXOs • New regulations including SOX put the CIO at theoretical risk • ANY C-level executive can be held accountable and be prosecuted • Rica Foods CEO was fined • Major risk: Crime detection • Punishment can be avoided by taking ‘appropriate disciplinary measures’

  9. Are Your Compliance Efforts On Target?

  10. Impact on Data Management • Escalating data management costs • As ‘compliant’ data grows, so does everything else! • Hardware underutilized or maintains stale data • Availability requirements – downtime is not an option • New data types include images, IMs, voicemail, PDA and smart phone data

  11. Architecture View • The Data Lifecycle • Compliance can long outlive usefulness, so when planning compliance solution, keep in mind that compliant data: • Must be continuously available • Must be ‘future proof’ • Strict privacy must be adhered to • Must be unalterable and verifiable

  12. Architecting Compliance – and More • Regulation-specific solutions can lead to fragmentation and confusion • It’s not getting any easier dealing with a myriad of vendors who just see $$$$ • Compliance architecture should be built from the ground up – encompassing ALL storage, not just compliance data

  13. The Compliance Stack Compliance Team (people, processes)

  14. Build Your Compliance Team • Compliance is a boardroom issue • Most companies have NOT involved legal counsel in compliance planning! • Less than half of companies are providing employee training on compliance • Over a third had NO IT department involvement in SOX compliance processes! • Source: Gartner

  15. Impl. Policy, Operational, Tech Controls Develop a ComplianceArchitecture The Compliance Lifecycle Realize Accountability Evaluate and Review Regulation Review Understand Define Communicate Develop Evaluate & Review Consult Legal Counsel Evaluate Partner Community Communicate & Incorporate Define Policy &Procedure

  16. The Long Road Ahead • Compliance record retention periods are growing – to decades in some cases • Long-term view to accountability and transparency regardless of specific regulations • Broader framework for managing all information is called for to protect IT and the enterprise from future regulatory impact

  17. Stepping Stones to Success • Think “architectural solution” vs. “point” products • Leverage existing infrastructure • Go with solution that has positive impact on overall storage performance, not negative • Team effort with IT, Legal, HR, CFO • Adopt best practices discussed during today’s event

  18. Thank you ! • For copies of this presentation, please contact _________ at ____________.

More Related