Feature

Mix of Frameworks and GRC Satisfy Compliance Overlaps

Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: Lessons learned from good and bad NAC implementations."

Download it now to read this article plus other related content.

Companies are finding innovative, all-encompassing ways to satisfy multiple regulations.


If you're responsible for security, risk management and/or compliance for a global pharmaceutical distributor, a large data provider or a small municipality, you're at the cross-section of federal and industry regulatory compliance.

Regulation bombards you from every direction. Failure to meet federal and state mandates such as Sarbanes-Oxley and state data breach notification acts threatens the reputation of your corporate brand and the personal freedom of your executive officers. Falling short on industry requirements such as HIPAA, PCI, the Fair Credit Reporting Act or even state law enforcement accreditation puts in jeopardy your company's ability to do business as well as your customers' personally identifiable information.

As an information security and risk professional, you've been thrust during the last half-decade into the crosshairs of an increasingly regulated business environment. Frame-works, audits, automation and GRC are the fabric of your being.

Redundancy cannot be.

"What you don't want to do is implement or test the same control three, four, five times over," says Marc Othersen, senior analyst in the security and risk management practice at Forrester Research.

So how are businesses managing multiple regulations

    Requires Free Membership to View

without a massive duplication of efforts? Is there a catch-all framework that satisfies all the overlap?

Three enterprises servicing three different markets are building their version of a compliance "easy button," drawing on a multitude of resources to create a repeatable set of processes that would satisfy the grumpiest auditor.

This was first published in September 2008

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: