IT Compliance 2017-11-09T17:18:25+00:00


3 Sure steps to Compliance

Take the doubt out of your Audit process

ARCAD for Compliance White Paper


Compliance is a hot issue for IT staff and for good reason. Data and applications have become a pervasive component of modern business and these have become a subject of new and diverse compliance requirements. Failure to comply could mean fines, penalties, loss of trust, even imprisonment.


Compliance requirements can be complex and confusing for IT staff

As if IT staff didn’t have enough to worry about, they also have to ensure that they adhere to an abundant, confusing and ever-changing array of industry and regional compliance requirements. This is an increasingly difficult task in today’s decentralized, multi-platform and mobile world, with an ever faster software delivery mandate.

At the same time, applications themselves have become more complex, which increases the chance of ‘dropping the ball’ when it comes to compliance.

It takes 20 years to build a reputation and five minutes to ruin it! If you think about that, you’ll do things differently.

Warren Buffett

Understanding compliance requirements can be difficult and frustrating

IT staff are generally not experts in law, and the lawyers who write the requirements are not experts in IT. The language that describes compliance requirements is therefore difficult to align with specific IT requirements. This problem is compounded by the growing number and diversity of requirements, which span different industry sectors and geographical regions and are constantly evolving. Where businesses operate internationally they will likely be subject to several different compliance requirements concurrently.

Examples of compliance requirements by region:

Global: Basel, COBIT, COSO, ISO 19779/27001, ITIL, PCI DSS
North America: CMMI, GLBA, HIPAA, PIPEDA, SOX
Europe: BDSG, Directive 2006/24/EC, Directive 95/46/EC, Data Protection Act (Switzerland), Data Protection Act (UK), Euro-SOX, General Data Protection Regulation (GDPR), VDS
Asia-Pacific: APP, APRA, CLERP 9, JPIPA, J-SOX, RTI
Latin America: Azeredo, Bill 6891/02, Ley Federal de Protección de Datos Personales en Posesión de los Particulares

DevOps is breaking down the traditional silos of Development, QA and Operations

This is leading to a concern that a ‘wild west’ ecosystem will emerge where everyone has access to all production applications and sensitive data.

All modern businesses store and process data. Much of the stored data concerns customers and suppliers and is therefore sensitive. Most compliance requirements relate to the protection of sensitive data and to the safeguards around changes to the software that manipulates that data. This puts IT staff centre stage for compliance accountability.

IT staff are centre stage for compliance accountability

Philippe Magne, Arcad
The main compliance themes that apply to IT staff:

Auditing: It must be possible to audit IT staff activities. It must also be possible to audit existing software applications for quality and for the impact of changes.
Authentication: Individual members of IT staff must be uniquely and reliably identified. Unauthorized access must be prevented. IT staff must not have more authority than they need, and must have clear roles so that abuse cases are easy to expose.
Availability: Application availability must be maximized. Most downtime is caused by application failures rather than by equipment failure or disaster. Poor code quality and poor testing have been identified as the leading causes of application failures and security breaches.
Change Management: Application changes must be carefully managed because they can introduce risk. Fraud generally comes from disgruntled employees. IT staff must be held accountable for changes made to software applications, and applications must be protected from accidental or malicious changes by IT staff.
Confidentiality: Confidential information must not be exposed to unauthorized IT staff.
Integrity: Evidence must be provided to show that sensitive production data has not been accidentally or maliciously modified by IT staff.
Logging: Any IT action that might need to be audited must be logged, and the logs must resist tampering.

Arcad tools span the full scope of IT staff activities and have been built from the start to be compliance ready. They automate the compliance process by design, and automation is the key to simplifying compliance for IT staff. Arcad tools have been designed to enable IT staff to go about their business unhindered and keep them compliant automatically.

Arcad tools have been designed to enable IT staff to go about their business unhindered and keep them compliant automatically

Philippe Magne, Arcad

DOT Anonymizer & ARCAD Code Checker
