IT compliance is the effort and process of keeping computer systems compliant with corporate standards and government regulations. As an IT manager, you need to consider information and cyber security, manage the risks of your IT systems, and audit the critical activities, including:
- policies
- resources or assets
- workflows
- access controls
Know the Standards and Regulations
The first step to IT compliance is understanding what the standards and regulations are. You need to consult your industry compliance experts to obtain the complete list. The following are some major ones:
- HIPAA - Healthcare
- The HIPAA, or the Health Insurance Portability and Accountability Act, was signed into law in 1996. The Office for Civil Rights oversees this law, which protects the privacy of medical patients as all medical records now have to be kept in electronic form.
- GLBA - Financial
- The GLBA, or the Gramm-Leach-Bliley Act, is also known as the Financial Modernization Act of 1999. This is a federal law enacted in the United States to control the ways that financial institutions deal with the private information of individuals.
- PCI - Financial
- The PCI stands for the Payment Card Industry standard. It is a set of requirements designed to ensure that all companies which process, store, or transmit credit card information do so in a secure manner.
- NERC - Utility
- The NERC, known as the North American Electric Reliability Corporation, is mandated to ensure the dependability and consistency of the North American bulk power system.
- Sarbanes-Oxley
- The Sarbanes-Oxley, known as the Sarbanes-Oxley Act of 2002, was created to protect investors from accounting fraud, specifically that which is related to shares sold by publicly traded corporations.
- ITIL
- The ITIL, formally an acronym for Information Technology Infrastructure Library, is a set of detailed practices for IT service management (ITSM) that focuses on aligning IT services with the needs of the business.
- COBIT
- The COBIT stands for Control Objectives for Information and Related Technologies; it is a good-practice framework created by the international professional association ISACA for information technology (IT) management and IT governance.
- GDPR
- The GDPR, known as the General Data Protection Regulation, is a regulation on data protection for all individuals within the European Union (EU).
Implement Best Practices - Control, Limit, Monitor
There is no alternative to implementing the following best practices for IT compliance.
- Control with a Clear Lifecycle
- Control all information, resources and assets with a clear lifecycle, so that you know when to create, save and delete each of them.
- Limit the Information Access Endpoints
- Limit all information access endpoints, including devices (desktops, servers and mobile devices), services (applications, Web APIs, network) and people. Assign a unique identity to each of them and define policies to govern the access.
- Monitor All the Resources and Processes
- Know who is doing what, where and how.
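The three practices above (control with a lifecycle, limit access to uniquely identified endpoints, monitor every action) can be expressed as a small enforcement module. The following is an added example, not code from the original page: the identities, the "patient-records" asset, its retention period and the policy entries are all constructed for illustration.

```python
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass
class Asset:
    """Control: every record carries a lifecycle (created, retained, deleted)."""
    name: str
    created: date
    retention_days: int        # constructed value; real retention comes from policy
    deleted: bool = False

    def expired(self, today: date) -> bool:
        return today >= self.created + timedelta(days=self.retention_days)


# Limit: allowed (identity, asset, action) triples; every endpoint, whether a
# person, a device or a service, gets its own unique identity. Anything not
# listed is denied. Constructed sample policy.
POLICY = {
    ("user:alice", "patient-records", "read"),
    ("svc:billing", "patient-records", "read"),
    ("user:alice", "patient-records", "delete"),
}

AUDIT_LOG: list = []   # Monitor: who did what, where and how, for every decision


def access(identity: str, asset: Asset, action: str, endpoint: str, today: date) -> bool:
    """Return True if the action is allowed; always record the decision."""
    if asset.deleted:
        decision = False                       # lifecycle ended: nothing to access
    elif action == "read" and asset.expired(today):
        decision = False                       # past retention: must be deleted, not read
    else:
        decision = (identity, asset.name, action) in POLICY
    if decision and action == "delete":
        asset.deleted = True                   # lifecycle transition is itself audited
    AUDIT_LOG.append({"who": identity, "what": f"{action} {asset.name}",
                      "where": endpoint, "how": "allowed" if decision else "denied",
                      "when": today.isoformat()})
    return decision


def overdue_assets(assets, today: date):
    """Control check an auditor would run: records kept past their retention."""
    return [a.name for a in assets if a.expired(today) and not a.deleted]


if __name__ == "__main__":
    rec = Asset("patient-records", date(2020, 1, 1), retention_days=30)
    access("device:kiosk-7", rec, "read", "kiosk-7", date(2020, 1, 10))
    print(overdue_assets([rec], date(2020, 3, 1)), AUDIT_LOG)
```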