Good compliance software, he says, generally includes a secure document repository or database, editing tools, e-mail-integrated workflow routing tools, a Web publishing mechanism, testing tools, issue resolution tools, audit trail tracking, and reporting tools.
According to a recent study published by AMR Research, an organization in Boston that provides data and advice to supply-chain and IT executives, most large to midsized organizations are now at the point where they are beginning to automate their existing compliance processes with software.
The extensive efforts required for compliance achieve more than just the safeguarding of vulnerable information. “It’s to create a more secure and efficient business environment,” Olejnik says. “By bringing some structure and discipline to information technology with performance goals and measurements, companies can begin to run their IT organizations better.”
Regulations are meant to ensure good-faith interactions with consumers, he says. When you open an account at a bank, you assume they’re not going to share the information, and that they’ve got the appropriate safeguards in place to keep someone else from waltzing off with it. When you buy stock in an organization, you assume that a disaster won’t bring them to their knees because they’ve been negligent with their backups.
The root of compliance—the real essence of it—is safety, especially in a day and age when IT departments are routinely compromised by hackers. “There are a lot of bad things going on in the IT world now,” Boecher says. “Once a company is tested and they fix their vulnerabilities to come in line with best practices, their chances to get hacked are substantially reduced. And I think their insurance carriers will support those actions. It’s expensive, but I think in a lot of ways, it pays for itself.”
