IT Compliance Best Practices for a Progressive Future


Compliance can be an overwhelming task with ever-growing demands for adherence to various
industry regulations such as HIPAA Compliance, GLBA Compliance, SOX Compliance and many
more. However, it is possible to achieve complete compliance and security by encouraging the
members of organizations to follow a streamlined path towards effective management of IT
resources and efficient operations.

What is needed, then, is a strategy that helps accomplish compliance requirements and
yields positive results. The basic aim of such a strategy is to instill business best
practices, including the following:

Comprehending & Evaluating Compliance Performance: Enforcement of compliance
policies should be undertaken with the explicit approval of the management and the technical
teams. The technical team has to ensure that the system and network devices are configured
with standards approved by the management team, in a manner that does not hinder
compliance.

Implementation of Risk Assessment Measures: An intrusion prevention system proficient
in risk assessment provides solutions against anticipated threats. The employees of an
organization need to realize that merely understanding the worth of compliance will not serve
the purpose. They need to be aware of the present compliance status and the areas that lack
compliance, so that standard risk assessment procedures can be implemented. Risk assessment
would involve the following:
    Formulate a plan to optimize available resources
    Collect all relevant data for further analysis
    Review all business processes involving the process owners
    Test and analyze technical and technology solutions involving the technology owners
    Document analytical findings and risk levels, and report the remediation measures and
       improvisation techniques

Enforcing Appropriate Policies: While ensuring IT Compliance with existing regulations,
organizations should also ensure that the security infrastructure is capable of identifying risks
and compliance gaps, and reporting the status. A centralized management process can help in
this regard, and the controls used should provide both preventive and detective solutions.

Tracking, Enforcing & Reporting: It is very important to ensure that compliance practices
are working properly and in the event of non-compliance, matters are dealt with promptly and
effectively. Internal audits can be very helpful in tracking and reporting the compliance status.
Organizations are completely secure and compliant only when all governance, risk and
compliance issues are addressed effectively. The key is a competent compliance management
software solution with automated and integrated processes, which has the capability to
perform all the above-mentioned functions efficiently.

				
DOCUMENT INFO
posted:1/11/2011
language:English
pages:2