IT Governance, Risk, and Compliance

Apr 28 2013   12:08PM GMT

Revisiting the Safeguarding of Information Assets – Part XI



Posted by: Robert Davis
Tags:
Information Assets Protection
Information Security
Information Security Governance
Information Security Management
IT Controls
Security Frameworks

As long as multiple regulatory agencies pursue government-supported agendas, variances among their requirements can exist that call for comprehensive legal compliance reviews. Central to controlling compliance with multiple decrees is a thorough analysis of what each one requires, together with quality documentation supporting the legal compliance effort. For example, evidentiary prerequisites may demand a documented compliance methodology in order to justify a reduction in the judicial sentence an organization would otherwise expect.

Management's response to applicable laws and regulations varies with how legal, operational and technological alignment is interpreted. However, an entity's information security governance (ISG) legal compliance system should include:

  • Risk assessments
  • Appropriate authority
  • Adequate resource allocations
  • Policies to prevent or detect illegal acts
  • Standards to prevent or detect illegal acts
  • Procedures to prevent or detect illegal acts
  • Personnel screening correlated to program goals
  • Program training at all employee levels
  • Non-retaliatory internal reporting systems
  • Incentives to motivate employee compliance
  • Discipline to promote employee compliance
  • Responsibility assignments at all employee levels
  • Program effectiveness audits, monitoring, evaluations and reporting
  • Deployment of incident prevention procedures to avoid similar repeat violations
  • Deployment of incident response procedures for equivalent repeat violations

Source:

Apgar, Chris. “Complying with multiple regulations and contending with conflicts.” Search400.com, September 6, 2005. http://search400.techtarget.com/tip/0,289483,sid3_gci1122854,00.html (accessed April 21, 2008).

U.S. Sentencing Commission. “Chapter 8 – Part B – Remedying Harm from Criminal Conduct, and Effective Compliance and Ethics Program §8B2.1.” In Federal Sentencing Guidelines for Organizations. Washington, DC: Government Printing Office, 2007. http://www.ussc.gov/2007guid/8b2_1.html (accessed May 7, 2008).
