Standard Compliance versus Security

The value of IT grows when it becomes standardized. A common, standards-based platform gives IT the great benefit of being able to integrate with the systems of other organizations, such as partners, suppliers or customers. Standardized and shared IT options thus provide a great cost advantage and ensure a smooth flow of information. The need to standardize, in effect, promotes commoditization because it turns the technology into a shared infrastructure. Compliance means that the infrastructure that has been built meets certain criteria.

The IT department has to shoulder some of the responsibility for compliance with current laws regarding enterprise data as well. Risk and compliance challenges make it difficult to establish and maintain good corporate IT governance. Moreover, the power of information makes it valuable and hence more prone to “security attack”. IT leaders therefore have a very responsible role to play in ensuring the security, accuracy and reliability of the infrastructure.

Being secure does not always mean being compliant with the criteria of a standard IT infrastructure and management system, and being compliant often does not mean being secure. IT governance is a framework that ensures that technology decisions are made in support of the business’ goals and objectives. It provides the critical checks and balances designed to better manage and mitigate risk, standardize practices, streamline procedures, and strengthen returns on assets.
The key point to understand about regulatory compliance is how to mesh the infrastructure with the organization’s own functions, business strategy, processes and dependent entities. Compliance issues have to be scrutinized at both the macroscopic and the microscopic level to dig out the real value they may add. More important still is understanding what the legal or financial ramifications may be of not following through with compliance or failing to achieve it. Building a standard or compliance into an IT infrastructure has its own cost and return as well. Recent industry reports indicate that IT spending on compliance issues is growing and that IT executives around the world are increasingly engaged in compliance activities such as data privacy, security, and retention.

Research conducted by MIT has found that “companies with better than average IT governance earn at least a 20 percent higher return on assets than organizations with weaker governance.” (“Recipe for Good Governance” by Jeanne Ross and Peter Weill, CIO Magazine, Vol. 17, No. 17, June 15, 2004.)

Successful compliance and control of information technology systems is more than simply making sure that the IT infrastructure and management cycle is secure and aligned with mandated governmental regulations. The compliance program should ensure that the infrastructure is meeting regulatory requirements on an ongoing basis and it should also target the “return on assets” value associated with IT governance.