Understand the challenges and opportunities of compliance in IT. Learn about the impact on data management, architecture considerations, and the importance of a comprehensive compliance strategy.
Compliance: Risks and Rewards for IT • Michael Krieger, Ziff Davis Market Experts
Welcome • What you’ll learn • Keynote/Participants/Panelists • Housekeeping
The Compliance Morass • Tangled Issues: Over 10,000 regulations in the US alone • Federal, State and Local • Some US regulations conflict with foreign regulations • Compliance isn’t just Sarbanes-Oxley, and isn’t just for public companies • DOT, Gramm-Leach-Bliley, HIPAA, OSHA, Patriot Act • Healthcare and Life Sciences have a particularly heavy load of regulations with which to deal
Market Drivers – Compliance Impact • Financial Services • Maintain growth, reduce costs, accelerate access to information • Life Sciences • Need to speed development, discovery • Healthcare • Close ‘technology gap,’ security, privacy • Government • Consistency/standards, information security
Compliance: Business View • Defining “compliant” records • Executive Accountability – Legal Liabilities • Non-compliance impacts the bottom line • Prison terms and fines possible • Opportunity to re-think processes, procedures, infrastructure • Inside IT and through the enterprise • Goal: Turn compliance to competitive advantage
Benefits Becoming Clearer Source: CIO Insight/Gartner survey of 182 organizations
Compliance: IT’s Opportunities • IT’s mandate: “Do More with Less” • Technology/IT’s role in data mgmt as relates to compliance • Retain, protect and maintain access to an ever-growing amount of data for audit • Storage Architecture Implications • Hardware to support all types of archival • Management software to automate processes • Compliance solution that leverages existing infrastructure • IT can MAKE or BREAK successful compliance solution implementation
New Targets: CIOs and CXOs • New regulations including SOX put the CIO at theoretical risk • ANY C-level executive can be held accountable and be prosecuted • Rica Foods CEO was fined • Major risk: Crime detection • Punishment can be avoided by taking ‘appropriate disciplinary measures’
Impact on Data Management • Escalating data management costs • As ‘compliant’ data grows, so does everything else! • Hardware underutilized or maintains stale data • Availability requirements – downtime is not an option • New data types include images, IMs, voicemail, PDA and smart phone data
Architecture View • The Data Lifecycle • Compliance can long outlive usefulness, so when planning compliance solution, keep in mind that compliant data: • Must be continuously available • Must be ‘future proof’ • Strict privacy must be adhered to • Must be unalterable and verifiable
Architecting Compliance – and More • Regulation-specific solutions can lead to fragmentation and confusion • It’s not getting any easier dealing with a myriad of vendors who just see $$$$ • Compliance architecture should be built from the ground up – encompassing ALL storage, not just compliance data
The Compliance Stack Compliance Team (people, processes)
Build Your Compliance Team • Compliance is a boardroom issue • Most companies have NOT involved legal counsel in compliance planning! • Less than half of companies are providing employee training on compliance • Over a third had NO IT department involvement in SOX compliance processes! • Source: Gartner
The Compliance Lifecycle (diagram labels) • Regulation Review • Understand • Define • Communicate • Develop • Evaluate & Review • Consult Legal Counsel • Evaluate Partner Community • Communicate & Incorporate • Define Policy & Procedure • Impl. Policy, Operational, Tech Controls • Develop a Compliance Architecture • Realize Accountability • Evaluate and Review
The Long Road Ahead • Compliance record retention periods are growing – to decades in some cases • Long-term view to accountability and transparency regardless of specific regulations • Broader framework for managing all information is called for to protect IT and the enterprise from future regulatory impact
Stepping Stones to Success • Think “architectural solution” vs. “point” products • Leverage existing infrastructure • Go with solution that has positive impact on overall storage performance, not negative • Team effort with IT, Legal, HR, CFO • Adopt best practices discussed during today’s event
Thank you! • For copies of this presentation, please contact _________ at ____________.