After Sarbanes-Oxley: IT Compliance Update
“The same thing applies here, the core vehicle of the certification has been there and will be there for years and years to come, and all we have to do is go, ‘OK, we’ll do this additive instead of this additive this time because that’s how the landscape has changed.’”
IT compliance becomes even more of a challenge in light of increasing globalization. With organizations doing increased business abroad, both in operations and job hiring, the mixing of domestic IT compliance processes with other countries’ programs may create problems.
Increasing ethical stipulations on IT security is a step in the right direction, but it all might be in vain if it doesn’t apply to the organization’s international contingent. It’s a tricky situation, where an outsourced employee working, for example, in India would have to follow the rules set forth by his or her employer’s country of origin.
“The real challenge [comes] as the workforce changes and becomes more diverse and internationalized within corporations inside the borders of the United States that are accountable under the laws of the U.S.,” Slater said.
“The biggest challenge over the past seven or eight years has [been to] make sure that these people who are not affected by our laws learn that corporations are accountable under these laws, and they need to abide by them if they’re going to work there.”
The passage of Sarbanes-Oxley raised the stakes for IT compliance, but subsequent developments have raised awareness of the issue even further. Whether through news coverage of the VA breach or just general media coverage of the risks presented by data theft, people have learned to keep a close eye on their personal information.
This shift has caused many businesses to rethink their IT strategies. A company or organization with perceived weak online security will take a hit in its pocketbook and struggle to regain public confidence. Even with the current flurry of legislation, the link between security and business results is an equal, if not greater, driver of IT compliance.
“From the beginning, it has been looked at as not just an IT problem but a business problem that had IT, financial and specific technology components to it,” Schmidt said. “Society is now saying, ‘We want you to protect our privacy. We want you to make sure our data isn’t out there published on the Internet on your Web site with my Social Security number in plain view.’”
– Ben Warden, firstname.lastname@example.org