REGULATIONS, LEGISLATION AND COMPLIANCE

Feature articles, profiles, columns and how-tos on understanding and complying with requirements involving corporate IT. From CIO magazine, CIO.com and sister publications.

Customs Rattles the Supply Chain
The government wants you to secure your supply chain. Right now, its program is voluntary. It won't stay that way for long. And the responsibility for collecting the data Uncle Sam wants is going to fall on—you guessed it—the CIO.

Patchwork of Privacy Regulations
The growing number of discrete privacy regs makes for confusion. We need to define our terms and create a framework all of U.S. industry can adopt. (From CSOonline.com.)

Compliance Spending on the Rise
Despite current uptake of regulatory compliance programs being low, a MarketShare survey commissioned by Serena Software, covering 148 CIOs across Asia and Australia, showed that 75 percent of them ranked compliance as one of the top objectives for 2006. (From CIO New Zealand.)

Compliance: 10 Questions Your CEO Should Be Able to Answer
And you're the one who has to make sure they can.

Building the Compliance Infrastructure
Service-oriented architectures have found their way to the network.

Surviving the IT Audit
A blog post and readers' comments on their experiences with IT audits.

Riding the California Privacy Wave
Wherever your business is headquartered, you have to deal with the new tide of legislation swelling out of the Golden State.

Message Therapy
Federal regulations require an entirely new approach to storing and searching e-mails. Noncompliance is not an option.

The Bitter Pill
Regulation has come to town, and IT will never be the same.

The Auditors Are Coming
Know your company's weaknesses before they do.

SARBANES-OXLEY

Our collected works on this influential act of Congress to regulate corporate governance.

How to Dig Out from Under Sarbanes-Oxley
Unless CIOs do Sarbanes-Oxley differently this time, it will cost even more money and cause even more pain. Here's how to avoid all (or at least most) of that.
July 1, 2005

Sox Compliance Now Business as Usual
The effect of the Sarbanes-Oxley Act on IT budgets is receding, as compliance becomes just another cost of doing business, according to reports from AMR Research.
July 1, 2005

From the Publisher: Repeal Sarbanes-Oxley
Gary Beach says American companies are spending valuable resources on compliance rather than on competition.
April 1, 2005

From the Front Lines
The CIO Executive Council shares insights on Sarbanes-Oxley compliance.
February 1, 2005

The Sarbox Conspiracy
Sarbanes-Oxley compliance efforts are eating up CIO time and budgets. Worse, CIOs are being relegated to a purely tactical role. And that may be the CFO's plan.
July 1, 2004

Sarbanes, Oxley and You
Fiona Williams, who is responsible for Deloitte & Touche's security services practice for North America, answers questions about the Sarbanes-Oxley Act. (From CSO magazine.)
October 1, 2003

Finance Law May Force IT System Overhauls
A look at the key phrases in Sarbanes-Oxley that have potential IT implications. (From our IDG Enterprise Network partner, Computerworld.)

HIPAA

HIPAA Compliance: Time's Up
CSO sat down with Partners Healthcare CISO Bob Pappagianopoulos to talk about the mandate and its challenges. (From CSO magazine.)
June 1, 2005

Managing HIPAA's Pain
Halfway between the deadlines for HIPAA's privacy and security rules, health-care CISOs share compliance lessons for the rest of us. (From CSO magazine.)
April 1, 2005

PLAYING BY NEW RULES

CIO's 2003 series, "Playing By New Rules: Your Risks and Responsibilities," examines the federal legislation and regulation that profoundly affects how your company manages data, ensures security and protects privacy.

PART ONE
What to Do When Uncle Sam Wants Your Data
As the czars of data, CIOs better be prepared when the FBI knocks on their doors.
April 15, 2003

PART TWO
Your Risks and Responsibilities
You may think the Sarbanes-Oxley legislation has nothing to do with you. You'd be wrong.
May 15, 2003

PART THREE
Eight (Not So) Simple Steps to the HIPAA Finish Line
While much of the new security rule is common sense, meeting it by the 2005 deadline won't be easy. Here's a checklist to ease your heartburn.
July 1, 2003

PART FOUR
A Funny Thing Happened on the Way to Compliance (It Got Easier for CIOs)
Everyone thought the Sarbanes-Oxley financial disclosure act would require CIOs to perform heroic feats of integration, spend fortunes on software and invest enormous amounts of sweat equity. Now, with the law reinterpreted, only the last appears to be true.
December 1, 2003

OTHER RESOURCES

Full Text of the Sarbanes-Oxley Act
Sixty-six pages of fun (pdf).

Department of Health and Human Services
With access to full text of HIPAA law and other resources.