News

ITCi Helps Companies Focus on Compliance

• By Kathleen Ohlson
• July 13, 2005

The IT Compliance Institute has launched what it calls the Unified Compliance Project, created to assist companies struggling with meeting regulatory compliance requirements.

The UCP deconstructs corporate regulations such as detailed in Sarbanes-Oxley, Basel II, HIPAA and Gramm-Leach-Bliley and presents them in a single compliance view. The project helps companies identify requirements for information security, records management, risk management and other IT functions, aligning products and services across multiple compliance efforts, corporate divisions and business systems. Fixing overlaps would cut compliance costs, limit liabilities and maximize enterprises’ IT investments, according to ITCi.

Regulatory and standards requirements are in 12 critical IT Impact Zones: leadership and high-level objectives; audit and risk management; design and implementation; systems acquisition; operational management; IT staff management and outsourcing; records management; technical security; physical security; systems continuity; monitoring, measurement and reporting; and privacy.

For example, audit and risk management focuses on vulnerability assessment, gap plans and active risk management to address threats before they become problems. Operational management works at coordinating corporate strategy with IT reality, as well as functions such as analytical, process and control evaluation. Records management defines content management in enterprises, focusing on filtering, indexing, keeping and searching different record formats, including structured and unstructured data.

Physical security evaluates ways to protect IT assets, including biometrics, facility access, physical access controls and protective hardware and devices. System continuity minimizes the impact of destructive physical and technology emergencies.

Each zone features IT control objectives mapped over 60 standards and regulations, as well as query ability to identify what types of control objectives are needed for multiple sets of regulations and standards.

The UCP is a cooperative research and development effort by ITCi, ADT’s sister division, and Network Frontiers, a compliance expert and consultancy.