White paper

Generate Cost Savings and Improve Efficiency with Proper Compliance Efforts

Organizations spend billions each on compliance. By any measurement, compliance is costly, and businesses are in business to do business, not to be compliant. The good news is that organizations can reap increased operational efficiencies by properly undertaking efforts to achieve compliance. Many compliance requirements are simply well-established best practices that have been turned into legislation. But organizations need to be careful to avoid paying for solutions that follow the letter of the law but miss its spirit.

This paper focuses on optimizing the IT compliance effort by:

  • Identifying key requirements of the Sarbanes-Oxley Act of 2002 (SOX), the Federal Information Security Management Act of 2002 (FISMA), and other legislation that offer potential value
  • Understanding COBIT, ISO 27002, and National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 and their relation to compliance
  • Distinguishing form from function when evaluating solutions
  • Realizing increased efficiency
  • Getting more than compliance from compliance solutions
  • Using security efforts to improve business operations
  • Identifying the compliance-related product types that have high business value or cost savings

Compliance with regulations such as SOX, PCI DSS, and FISMA does not need to be the resource drain that it often becomes in organizations. Armed with the right perspective and knowledge, the IT professional will be able to capitalize on the effort and technology investments made in the name of compliance to further IT’s mission to deliver business value and reduce costs.