Compliance relates to the ability to define, enforce, and audit enterprise policies. It has become not only an oversight or regulatory expectation but, more importantly, a measure of the reputation of an enterprise. It provides assurance to the customers and others that depend on that enterprise; it demonstrates the credibility of the enterprise.
Several important regulations that drive the compliance process are SOX, GLBA, HIPAA, and BASEL II. All these regulations require that enterprises define appropriate Control Objectives, put in place effective IT controls that implement these objectives, and implement periodic testing and internal auditing of the IT controls to ensure that they are sufficient and are implemented properly.
We have a combination of business and technical experience and resources to help our Clients to:
* Choose an appropriate Control Objectives Framework (e.g. ISO17799, BS17799, COBIT)
* Decide on what IT controls must be in place to achieve the objectives specified.
* Analyze existing infrastructure and identify missing or insufficient controls.
* Implement missing IT controls (for example, in the areas of Security, Change Management, Assets Management)
* Design IT controls testing/internal quality assurance procedures, and even auditing procedures
* Design the set of dashboards and associated reports that indicate the IT compliance state
Our approach to IT compliance is based on the understanding that compliance is not a regulatory nuisance - it is the means to achieve more efficient, secure, robust IT operations, and ultimately to demonstrate the credibility of an enterprise.