Stephen Schimmel (North America) - Automating Regulatory Compliance

Gone are the days when IT departments existed only to repair routine computer problems or answer simple tech questions. As the dependence on technology has continued to grow throughout the past few decades, so too have the expectations dealing with the regulatory compliance issues that surround it. The creation of new technologies has resulted in new responsibilities, and as more and more organizations are faced with the task of adhering to a multitude of regulatory compliance standards, the issue of "how can we improve our efforts?" becomes more and more pertinent.

The fact is that the majority of IT departments are now responsible for adhering to more than one set of compliance requirements, while many face more than four. Managing each set of compliance standards efficiently, sufficiently and effectively has become an increasingly difficult endeavor, but fortunately, there are several approaches to the problem.

A common, bare-bones practice is to concentrate on the requirements or requirement types that appear in multiple sets of regulatory compliance standards, and to use those similarities to increase diligence. This practice allows administrators to satisfy many compliance issues at once without having to repeat the same steps to meet the expectations of various compliance auditors, and it works to a large extent. Find commonalities between the expectations of both your HIPAA and SOX auditors, for example, and address those first. Many such requirements do fall into multiple compliance categories, so this is a good practice for getting started.

Unfortunately, one major problem springs to mind when following this approach: what happens to the regulatory expectations that do not span multiple sets of compliance standards? Do the requirements that apply, for example, only to HIPAA regulations mean less than those that apply to both HIPAA and SOX? Not to the HIPAA auditor who deems an organization non-compliant because of failure to meet all the necessary expectations.

So how can IT administrators proactively ensure compliance with multiple standards? There is a plethora of compliance solutions on the market that automate the process, allowing CIOs and IT managers to worry less about the fees, penalties and stigmas that result from failed compliance audits, and more about other necessary tasks that keep their organizations safe, profitable and productive. Every organization has different internal and external procedural requirements to follow, and thus every company will benefit differently from the various available solutions. It's important, then, for all IT companies looking to bridge the gaps left behind by manual infrastructure change auditing to carefully test various solutions and find the one that works best within their unique environment.

Automated compliance solutions are one way to help IT departments mechanize adherence to regulatory standards, while simultaneously increasing overall operational efficiency and minimizing dependence on error-prone manual tasks. Many solutions, such as NetWrix's Regulatory Compliance Suite or Quest's Compliance Suite for Windows, are also favored over manual practices simply because the change reports they generate can serve as a precise paper trail that demonstrates a company's compliance efforts.

Regardless of your IT department's method of infrastructure change auditing, it is no secret that the process is becoming more and more important to organizations of all kinds. Failed compliance audits can result in serious fines, loss of company credibility, and even jail time, so the seriousness of proper compliance practices should not be underestimated. Whether it's via careful manual scrutiny or automated third-party solutions, it's essential to track changes that might otherwise result in failed audits. Compliance is not a static effort: adhering to regulatory standards requires constant awareness of even the smallest infrastructure changes, so it's important to take the necessary precautions. Find what works for your IT department, and track the changes that threaten non-compliance.

Stephen Schimmel is a product manager at NetWrix Corporation, a systems management and compliance software company that offers free Active Directory, change management, identity management and end point security solutions for IT pros.


