IT DRILLDOWN
SOA
Virtualization
 
NEWSLETTERS
 

CIO.com updates, insights and advice on technology, management and your career.

 Advice and Opinion
 CIO Consumer IT
 CIO Leader
 CIO Enterprise
 CIO Insider
More Newsletters | Edit Profile
 
RSS Feeds »
 
 
LEADERSHIP
 
CIO Executive Programs
The Leader in Face-to-Face Education for Senior Executives

Offering regional and national programs, CIO (and CSO) events bring together some of the most respected names and thought leaders in information technology and security. Presented by CIOs and other senior level executives, these invitation-only programs offer timely topics and strong networking. Learn More »

 
CIO Executive Council
A Peer-Advisory Service and Professional Association for CIOs

Portfolio Management Maturity Model at Chevron - Presentation & Discussion

November 13, 11:30 AM - 12:30 PM ET (GMT-4)

The fundamental goal of the model is to help IT become a business partner and earn a seat at the table. Core to the model is to establish a five year IT strategic road map that is owned by the business. Presenter Janinne Franke is manager of strategy, planning & optimization at Chevron's corporate department & services. She will share processes and lessons learned from developing and implementing the model.

More / Register »

Learn more about the CIO Executive Council »



 
 
RESOURCE CENTER
 

buy a link »

Ads by TechWords
 
 
SUBSCRIBE TO CIO
 
Are you involved in setting the direction for your company's IT budget or strategy?

Apply today for a FREE subscription to CIO Magazine!

Subscription Services »
Reprints »

 
 
Caveat
 

Tear Down that Silo: Compliance in the Executive Suite

Treating compliance as a one-time project may cost your business up to 10 times more for IT measures than for those who take a proactive and integrated approach.

 

By Venkat Raghavan, Tivoli Software at IBM

October 01, 2007CIO — The difficulties of complying with regulations aren't going away; however, there is vast opportunity for organizations to gain competitive advantage by developing the right information technology infrastructure, policies and processes.

Companies looking to stay off the compliance hot seat should develop a repeatable compliance framework, a centralized control mechanism and a top-down organizational structure to implement compliance procedures across the organization. Doing so can help organizations respond to requirements in a faster, more flexible manner.

Companies that treat compliance as a one-time project, on the other hand, may spend up to 10 times more on IT-related measures than for those who take a proactive and integrated approach, according to research firm Gartner.

As threats of accounting scandals, terrorist attacks and data breaches multiply, the importance of laws such as Sarbanes-Oxley and HIPAA is more apparent than ever. Accordingly, the executive suite is becoming more involved with compliance strategy and is demanding increased oversight.

Despite this increased urgency, however, many companies still tackle compliance only when they need to meet a requirement by a certain deadline or avoid lawsuits. Smart companies see an opportunity to build a service-oriented architecture (SOA) as an IT backbone to assess the effect of compliance on business processes and develop a unified approach to replace manual siloed processes.

Employing a Centralized Control Framework
Rather than addressing individual requirements, leading organizations are looking at a centralized control infrastructure based on SOA to manage critical business processes.

To build this framework, the first challenge is the collection and analysis of compliance data that is captured across different repositories within an organization in a consistent, reliable and predictable manner. This can be exacerbated by the relentless deluge of data.

Organizations then have the difficult task of managing the enormous amounts of data effectively and making sense of the information they have collected over the years. They continue to struggle with locating and governing data, determining its worth, classifying risks and identifying whether they have adequate control measures in place. Further, many companies aren't sure how to measure progress around these problems.

Not having an adequate method of governing and measuring data puts the organization at risk. For example, to achieve compliance, organizations should be cognizant of the business impact of an IT outage and have real-time data to assess the availability of mission-critical business capabilities.

Having a centralized control framework allows companies to effectively implement policies while providing a linkage to business controls, including controls over financial reporting. It helps protect sensitive information from unauthorized disclosure, safeguards the accuracy and completeness of information, ensures that information and vital IT services are available when required, and provides information and services with a high level of efficiency.

Loading...
 
 
ABCs
 

Just the basics, please. Sometimes we all need a refresher or we need to make sure our team and our colleagues are all on the same page.

Over 25 tutorials on everything from business intelligence to virtualization.

 
 
FEATURED SPONSORS
 
 
 
SPONSORED LINKS
 

7 Requirements of Data Loss Prevention

A Guide to Understanding Hosted and Managed Messaging

Google Apps Premier Edition Helps Indoff Manage E-mail More Effectively

CapGemini Cut Call Center Costs with Google Apps Premier Edition

Comprehensive Review of Security and Vulnerability Protections for Google Apps

Web 2.0 The New Face of the Web

Universal Search in Healthcare Organizations

Google Case Study: Agile Software

Universal Search in High Tech Organizations

Providing Universal Search for Business

Google Case Study: Kimberly-Clark

Put Enterprise Communications on Autopilot

Portfolio Management for Effective IT Governance

Making Enterprise Architecture Work within the Organization

Telepresence - A Realistic Solution Connecting a Global Workforce

Enabling Enterprise 2.0

Customer Hubs Deliver on the Failed Promises of CRM

Live Webcast - Ensuring Business Services Delivery

IT Cost Transparency & Performance Management for Optimizing IT

Solving Online Credit Fraud Using Device Reputation

Stimulating Innovation: Meeting IT's New Mission

Strategic IT Financial Management - Achieve Higher Organizational Performance

New research validates telepresence solutions.

HP Puts Its Disaster-tolerant Capabilities to the Test

Industry Analyst Report: Top Hosted Exchange Vendors in 2008

Best Practices in Choosing and Consuming Managed Security Services

A Guide to Messaging Archiving

2008 Google Communications Intelligence Report

The Impact of Messaging and Web Threats

Comparing Google and Other Leading Messaging Security Solutions

Deploying a Google Search Appliance is Not your Typical IT Implementation

Google Case Study: Pioneer Investments

The Case for Universal Search

Universal Search in Financial Services Organizations

Google Case Study: Sunnybrook Health Sciences

Learn About the Features of the Google Universal Search Solution.

Mission Impossible: Building the Right Project Metrics

Project Portfolio Management - Boost the Value of IT

Embedding Architecture into the Organization

Data Center Asset Planning - Regaining Control of the Data Center

Develop new insights that deliver better business results

"Enterprise-Proven" is the Prerequisite for Enterprise SaaS Portal Solutions

Top 10 Ways to Protect Against Web Threats

The Case for Business Software Assurance ~ Securing Your Applications

The Benefits of Data Deduplication for Data Protection in the Enterprise

Reap the Benefits of Unified Communications

Unified Communications: "More Than Just Talk"

Extending the Enterprise Network Through Mobility

Keep proven data center technology. Evolve with Brocade

Motorola AirDefense can identify and exterminate your rogue APs. Learn more