Compliance: Stay ahead of the game

Don't sit around waiting for the next piece of legislation. It's better to be adaptable and make general compliance your aim. Rob Buckley reports.

No industry or organisation is untouched by compliance. Whether it's employment law, data protection or more notorious pieces of legislation, such as Sarbanes-Oxley, the way companies and their employees behave and conduct business is under ever greater scrutiny. It's no longer enough just to say that everything is being done correctly - now you have to prove it.

How organisations do this varies, as you might expect. Some bury their collective heads in the sand, but others are facing facts and are at least looking at their compliance responsibilities. Some are even buying information technology in an effort to make themselves compliant.

However, as almost every consultant will tell you, compliance is more about process than anything else - technology, if it comes into play at all, comes much, much later. "Compliance, almost by definition, is about process. Technology just automates the process," said Steven Cox, principal consultant at CA.

So, from the outset, the first step for any organisation is simply finding out what they have to do to be compliant and what they need to be compliant with. Most pieces of compliance legislation talk about "protection of end-user data" and the prevention of data loss, but few discuss details, according to Andy Green, security solutions specialist at support services group Alfred McAlpine.

Depending on the sector, there are some clear first stops for information, such as the industry regulator itself. The Information Commissioner will offer advice on Freedom of Information Act compliance, for example, while the Financial Services Authority offers guidance on complying with its many rules and regulations.

However, for more detailed information, particularly with regard to IT systems, bodies such as the International Security Forum (ISF) can provide advice to their members.

"The ISF has a database of all the laws in all the countries around the world," said Dave Martin, lead security consultant at LogicaCMG. "It is maintained by its members around the world. It's one of the best sources I've seen." He warns that few of the members are lawyers, so anyone consulting the database should also check with their legal department before acting on any information.
