The Conformance Game
Given the increasing importance of IT in meeting regulatory compliance and the smooth running of the business, CIOs and their IT organizations have an important role to play
Shipra Malhotra
Wednesday, February 20, 2008

Conformance to compliance is no longer driven solely by regulatory fear, as has been the case traditionally. It is rather a matter of business and competitive requirements becoming the prime driving force behind adherence to compliance.

As compliance becomes a business imperative, it is becoming increasingly important for CIOs to understand its landscape and its impact on the organization's IT infrastructure and strategy.

Fitting in with IT
In today's compliance scenario, information storage, management, and protection have become the most pressing issues that businesses across verticals like telecom, BFSI, BPO/ITeS, healthcare, and even the government have to deal with.

Nowadays, CIOs are involved not only in functional but also in strategic decisions made in the company. So CIOs need to understand the importance of investing in compliance and the RoI it delivers.

Compliance is a broad topic and encompasses factors like the ability to retrieve data within the recovery point objectives (RPOs) and recovery time objectives (RTOs), the ability to secure data against unauthorized access, the ease of porting data as technology changes, and protection against accidental or fraudulent modifications.

Business Imperatives
Compliance has made the transition from a buzzword that the whole world was talking about to a survival imperative for the corporate world. Fines, penalties, legal hassles, and loss of reputation for non-compliance are driving companies to take this issue seriously.

Compliance rules could originate from various sources including government regulations, corporate governance requirements, and internal company policies, among others.

In India, SEBI has recently initiated adjudication proceedings against twenty companies for non-compliance with Clause 49 (which deals with corporate governance) norms under their listing agreement with stock exchanges. Additionally, there are numerous examples of financial malfeasance due to fraudulent accounting practices: Enron, WorldCom, Tyco Global, and Computer Associates.

The Takers
The main takers of compliance are companies that deal with US or European clients. They need to have adequate safeguards and policies in place to comply with the regulations and data privacy norms in their clients' home countries.

Overall, the industry verticals most affected are: banking and finance, which need to comply with Basel II, GLBA, PCI DSS, SOX (if the bank is listed in the US), and the rules laid down by the regulator; IT and ITeS, which need to comply with SOX (if the company is listed in the US) and the privacy laws of the countries where they operate; and healthcare, which needs to comply with HIPAA.

Compliance Diary
Almost all Indian companies doing business with Nasdaq-listed companies fall under the purview of SOX (the Sarbanes-Oxley Act). BPO companies in India are legally obliged to abide by the regulations that their clients follow: the Sarbanes-Oxley Act, the Gramm-Leach-Bliley Act, the EU Data Protection Directive, and HIPAA. Specific regulations in India mandate how companies need to manage and store their information assets. These include the IT Act, the Indian Evidence Act, and SEBI Clause 49.

In the banking vertical, one of the most important regulatory compliances is Basel II (the RBI has specified that all banks have to conform to the Basel II guidelines).

Taking the example of the banking industry, the RBI has indicated a requirement for record retention so that messages required for business and regulatory reasons are safely stored and easily retrievable.

For government departments/agencies coming under the ambit of the RTI Act, 2005, the concerned organization needs to "...maintain all its records duly catalogued and indexed in a manner that facilitates the right to information under this Act, and ensure all records that are appropriate to be computerized are computerized and connected through a network all over the country on different systems so that access to such records is facilitated."

With increasing reliance on electronic records to support litigation, the need to prove that those records have not been tampered with is becoming another requirement.

There are corporate governance norms like Basel II in the banking industry and SEBI's Clause 49 that, in general, don't mandate specific compliance requirements from a technical perspective, but are nevertheless important guiding factors when organizations look at their internal control policies with regard to data retention, data access, and data security.

In response to IT compliance challenges, organizations are increasingly looking at ways to minimize fragmented initiatives, automate procedures and IT security controls, and apply best practices to reduce risk and to comply with the different regulations that apply to them.

Shipra Malhotra
shipram@cybermedia.co.in
