Compliance

Take the doubt out of your Audit process

IT Compliance (published 2017-07-03)


IT Compliance - 3 Sure steps to compliance - Take the doubt out of your Audit process

Compliance requirements can be complex and confusing for IT staff

As if IT staff didn't have enough to worry about, they also have to ensure that they adhere to an abundant, confusing and ever-changing array of industry and regional compliance requirements. This is an increasingly difficult task in today's decentralized, multi-platform and mobile world, where software must be delivered ever faster.

Data and applications have become a pervasive component of modern business, and they are now the subject of new and diverse compliance requirements. Failure to comply could mean fines, penalties, loss of trust, even imprisonment. At the same time, applications themselves have become more complex, which increases the chances of 'dropping the ball' when it comes to compliance.

It takes 20 years to build a reputation and five minutes to ruin it! If you think about that, you'll do things differently.
Warren Buffett

For IT staff, understanding compliance requirements can be difficult and frustrating. IT staff generally are not experts in law, and the lawyers who write the requirements are not experts in IT. The language which describes compliance requirements is therefore difficult to align with specific IT requirements.

This problem is compounded by the growing number and diversity of requirements, which span different industry sectors and geographical regions and are constantly evolving. Businesses that operate internationally will likely be subject to several different compliance requirements concurrently.

Global: Basel, COBIT, COSO, ISO 19779/27001, ITIL, PCI DSS
North America: CMMI, GLBA, HIPAA, PIPEDA, SOX
Europe: BDSG, Directive 2006/24/EC, Directive 95/46/EC, Data Protection Act (Switzerland), Data Protection Act (UK), Euro-SOX, General Data Protection Regulation (GDPR), VDS
Asia-Pacific: APP, APRA, CLERP 9, JPIPA, J-SOX, RTI
Latin America: Azeredo, Bill 6891/02, Ley Federal de Protección de Datos Personales en Posesión de los Particulares


DevOps is breaking down the traditional silos of Development, QA and Operations. This raises a concern that a 'wild west' ecosystem will emerge in which everyone has access to all production applications and sensitive data.

All modern businesses store and process data. Much of the stored data concerns customers and suppliers and is therefore sensitive. Most compliance requirements relate to the protection of sensitive data and to the safeguards around changes to the software which manipulates that data. This puts IT staff centre stage for compliance accountability.

IT staff are centre stage for compliance accountability
Philippe Magne, Arcad

Best practices plus automation are making compliance easier for IT staff

Compliance best practices are emerging for IT. These consolidate multiple overlapping compliance requirements into a single set of requirements which are easier for IT staff to follow. Because of the high level of overlap, it matters little whether we have to comply with SOX, HIPAA, GDPR or others: the geography and industry sector may vary, but the best practices remain the same.

Auditing: It must be possible to audit IT staff activities. It must also be possible to audit existing software applications for quality and for the impact of changes.
Authentication: Individual members of IT staff must be uniquely and reliably identified. Unauthorized access must be prevented. IT staff must not have more authority than they need, and they must have clear roles so that abuse cases are easy to expose.
Availability: Application availability must be maximized. Most downtime is caused by application failures rather than by equipment failure or disaster. Poor code quality and poor testing have been identified as the leading causes of application failures and security breaches.
Change Management: Application changes must be carefully managed because they can introduce risks. Fraud generally comes from disgruntled employees. IT staff must be held accountable for changes made to software applications, and applications must be protected from accidental or malicious changes by IT staff.
Confidentiality: Confidential information must not be exposed to unauthorized IT staff.
Integrity: Evidence must be provided to show that sensitive production data has not been accidentally or maliciously modified by IT staff.
Logging: Any IT action which might need to be audited must be logged, and the logs must resist tampering.


Arcad tools span the full scope of IT staff activities and have been built from the start to be compliance ready: they automate the compliance process by design. Automation is the key to simplifying compliance for IT staff. Arcad tools have been designed to enable IT staff to go about their business unhindered while keeping them compliant automatically.

Arcad tools have been designed to enable IT staff to go about their business unhindered and keep them compliant automatically
Philippe Magne, Arcad

White Paper: Arcad for Compliance Solution (available for download)