Compliance Webinar Best Practice Series: 1 Joint Framework
Description: Leveraging Best Practice Frameworks to Simplify Regulatory Compliance
In the first of a series of downloadable audio seminars on compliance best practices, IT Governance founder Alan Calder looks at how the ITGI, OGC and ISO 17799 Joint Framework can be leveraged to simplify regulatory compliance.
Background
Organizations have traditionally responded to regulatory compliance requirements on a law-by-law, or department-by-department basis. That was, last century, a perfectly adequate response. There were relatively few laws, compliance requirements were generally firmly established and well-understood, and the jurisdictions within which businesses operated were well-defined.
Over the last decade, all that has changed. Rapid globalisation, increasingly pervasive information technology, the evolving business risk and threat environment, and today's governance expectations have, between them, created a fast-growing and complex body of laws and regulations - such as HIPAA, SOX, GLBA, EU Privacy and Data Protection Directives, and Turnbull - that impact the organization's IT systems. While global companies are in the forefront of finding effective compliance solutions, every organization, however small, in whatever industry, and anywhere in the world, is challenged by the same broad range of state, federal, national and international regulatory requirements.
These regulatory requirements focus on the confidentiality, integrity and availability of electronically-held information, and primarily - but not exclusively - on personal data. Many of the new laws - such as SB 1386, OPPA, the EU Safe Harbor regulations, EU Directives, Basel 2, etc. - all appear to overlap and, not only is there very little established legal guidance as to what constitutes compliance, new laws and regulatory requirements continue to emerge. Increasingly, these laws have a geographic reach that extends to organizations based and operating outside the apparent jurisdiction of the legislative or regulatory body.
In the face of new, blended, complex and evolving threats to their data, organizations have business and regulatory obligations to protect, maintain and make data available when it is required. They have to do this in an uncertain compliance environment where the rewards for success don't grab headlines, but the penalties for failure do.
Fines, reputation and brand damage and, in some circumstances, jail time for directors are outcomes that every business wants to avoid. And organizations want to do more than simply avoid these risks; they want to reduce the cost and disruption of multiple compliance initiatives, and they want to minimise the impact on customer-focused business operations. Some organizations want to go further than this, and look to get positive business returns from their investment in closing information loopholes and improving the security of their information systems.
The way to do this is through the adoption of an externally-validated, best-practice approach to information security - one that provides a single, coherent, multi-layered, channel-specific framework that enables simultaneous compliance with multiple regulatory requirements. Multi-layered technology approaches are, therefore, solutions to which organizations are increasingly turning.
Historically, there have been a number of such frameworks to which organizations could turn. The recent emergence of an official, integrated framework containing CobiT, ITIL and ISO 17799 offers business leaders an outstanding opportunity to import coherence into an otherwise sometimes fragmentary operational IT environment.
Areas covered in the seminar
Current and future governance and compliance requirements
The role of enterprise risk management
Linkages and similarities between state, national and international regulations
Why the traditional approach to regulatory compliance no longer works
Business risks arising from legal contradictions, overlaps and loopholes
Impact on corporate brand, market position and share value of regulatory failure
Key governance requirements of directors
Role of best practice frameworks
Linkage between compliance requirements and best practice frameworks
Background and history of CobiT, ITIL and ISO 17799 - similarities and differences
Importance of the CobiT/ITIL/ISO17799 joint framework
Benefits of deploying this best practice framework
Critical success factors in deploying this framework
Key learning points for people using this seminar
They will get a thorough overview of the governance and compliance requirements faced by today's organizations, both nationally and internationally;
They will understand current and future regulatory requirements, within a broad governance context;
They will be able to articulate the regulatory and information risks faced by their organizations and identify appropriate strategies for mitigating those risks;
They will understand the background to and nature of best practice frameworks;
They will be able to effectively deploy the new, integrated best-practice Joint Framework.
Who will benefit from this seminar?
This seminar will benefit
board members,
company directors,
non-executive directors,
C-suite officers,
senior managers in all disciplines,
governance and compliance professionals,
IT managers,
risk managers, and
the staffs of those functions.
Anyone interested in governance and regulatory compliance, whether as an adviser, manager, employee or individual subject to its requirements, will get value from this seminar.
Publication date: 21 June 2006
Availability: Immediate download (Unzip folder, click player and you're in business!)
Category: Compliance (incl. Data Protection & SOX): Books and Toolkits
Author: Thomas A. Stewart
Publisher: ITGP
ISBN: 1857881834
Format: Downloadable Articulate presentation (audio, powerpoint), zipped, 10.2Mb.
Price: 69.95