AKIBIA'S PRACTICAL GUIDE TO ENTERPRISE TECHNOLOGY
Thursday, March 25, 2010
New Requirement - New Fire Drill?
Gartner research suggests that companies that select individual solutions for each regulatory challenge spend 10 times more on the IT portion of compliance projects than companies that take a proactive and more integrated approach.
If you are like most companies I’ve spoken to, however, your team is approaching compliance in a piecemeal fashion that addresses one regulation at a time. Your team is overworked, over budget, duplicating efforts and still not completely able to prove compliance to the rest of the executive team and the auditors.
The problem is there are simply too many compliance requirements, too many updates and changes to those requirements, and not enough staff, resources and specific expertise within your team to address all the requirements you need to meet.
For example, I recently met with the VP of technology for a large grocery chain. As a retail company with stores in Massachusetts, they need to worry about PCI, as well as the Mass Data Privacy Law. But in addition to these well-known regulations, they must also comply with laws related to Healthcare Flex Spending Accounts, specifically IIAS regulations governing approximately 80 products the grocery sells. With his team already strapped with compliance and security projects, setting aside additional time to address these specific regulations would overtax resources.
By leveraging our managed service, the company could take a step back and look at all compliance requirements from a more holistic level. By mapping the various compliance requirements against each other, they could see that existing projects and solutions already in place could solve many of the challenges presented by IIAS regulations. As a result, the company did not need to take time and effort away from other critical security projects and business process improvements.
