6/26/2006

Regulatory Compliance Guides

This Regulatory Compliance Planning Guide from IT-Observer offers a comprehensive overview of regulatory compliance issues, particularly those of concern to IT managers, stating:

"Regulatory compliance is a topic that few organizations can ignore. An ever-increasing number of regulations affect companies both large and small. The regulations and standards come from many sources, such as national and local governments. Examples include the Sarbanes-Oxley Act (SOX) and the California Law on Notice of Security Breach, formerly known as SB-1386. They also come from industry-specific oversight groups, such as the Payment Card Industry Data Security Standards.

What makes this situation even more complex is that any organization might need to comply with multiple sets of regulations, each of which mandates a separate set of requirements. Not surprisingly, many companies find it difficult to understand how to respond appropriately to these regulatory requirements, and then maintain their regulatory compliance through cost-effective processes and procedures. Finally, regulations often mention IT controls only in passing, and leave IT managers to determine exactly what they must do to achieve and maintain regulatory compliance.

The Regulatory Compliance Planning Guide is for IT managers who are responsible to meet the regulatory compliance obligations of their companies. The intent of this guide is to assist them in achieving two primary goals:

• First, to help IT managers better understand what they need to know to address their regulatory compliance requirements. To achieve this, the guide describes how IT managers can use a framework-based approach to compliance, and includes mappings of five common regulations and standards with which many organizations must comply.

• Second, to help IT managers understand how they can begin to address many of the IT control requirements that apply to their organizations. To achieve this, the guide provides information about solutions that you can use to address the regulatory compliance requirements for your organization."

The All-in-One Compliance Guide "is a collection of resources designed to help security professionals contribute effectively to their compliance programs. Each chapter is designed to address key concerns, whether you're learning about the regulations, working on process improvement or searching for effective products. The goal is to help you build a risk management program that can meet regulatory expectations..."
