Video: Constructing a 'normalized' corporate compliance program

Date: Jan 11, 2013

Modern IT organizations face a seemingly endless number of compliance regulations based on industry, customers and general business rules -- and the number of rules seems to grow every day.

The trend is not going to change any time soon, either, said Mike Chapple, IT security manager at the University of Notre Dame in Notre Dame, Ind. The myriad regulations facing today's IT organizations create what he calls a "jungle" of compliance rules, complicated by varying jurisdictions and differences among federal, state and local laws.

"Whether you are in banking, health care, e-commerce or even education, there are likely a number of laws, regulations and contractual obligations that govern your IT operations," Chapple said during a webcast on building a normalized compliance program. "The compliance jungle exists because there are so many overlapping legal and regulatory requirements."

As a result, it's up to information security and compliance professionals to sort out what compliance rules apply to their organizations and figure out how to meet those requirements while still getting business done, Chapple said.

But building -- and maintaining -- a corporate compliance program is not an easy task for any organization. Regulations are constantly in flux and not very well coordinated, Chapple said, creating an environment in which governance, risk and compliance (GRC) officers are expected to not only determine how to comply with current rules, but also how to be prepared for what is coming down the road.

To offset these issues, Chapple suggests developing a "normalized" corporate compliance program -- one that combines all of a company's compliance regulations and processes into one document. This can eliminate process overlap and prevent GRC redundancies, he said.

"We need to go through and look at all of the different requirements that apply to us and try to normalize it," Chapple said. "If we follow the controls we have in place, we'll be in compliance with all of the different requirements that we're subject to. Then we can map it to the different regulations and know that, as long as we're following our own statement, we've met the requirements."

In this video webcast, learn more about building a normalized corporate compliance program as Chapple offers tips on identifying what requirements apply to your organization, tools to help map security controls to those requirements, and advice for maintaining GRC programs in the face of constantly changing regulations.

Let us know what you think about the story; email Ben Cole, associate editor. For IT compliance news and updates throughout the week, follow us on Twitter @ITCompliance.
