BACK TO BASICS SERIES: IT Compliance
IT Compliance… what?
Contrary to popular belief, IT compliance teams don’t exist just to make everyone’s lives miserable; that’s merely one of the many perks! IT compliance teams exist to make sure that your company is doing what it should be doing, by verifying adherence to the standards and requirements that apply to it. These teams are an integral part of any regulatory assurance or risk management program. After all, we are all in the business of minimizing and mitigating risk, which should be the point of any well-thought-out information security program.
Before you decide that your company needs an IT compliance team, you need to ask yourself: what are you trying to be compliant with? Most companies set up these teams to ensure compliance with an external regulation such as SOX, PCI DSS, or even NERC CIP. IT compliance teams don’t have to be limited to external regulations, though. Even smaller companies should consider standing up an internal IT compliance team to check adherence to their own information security policies and to run an internal controls program.
IT compliance teams are a value-add to any organization. They typically help interpret standards and requirements and often aid with the implementation of sometimes confusing standards. Additionally, these teams often help develop the policies, processes, and procedures in the regulated space that are needed to demonstrate compliance. This has numerous benefits: it bakes compliance requirements in from the get-go at the policy level, rather than bolting them on later, and it makes operations more efficient because the required controls are defined once rather than rediscovered at every audit.
In short, IT compliance teams can help an organization of any size adhere to the regulations that apply to it. Their value is hard to overstate: they keep other teams on track by ensuring compliance with both internal and external standards and requirements.