It’s no secret that compliance regulations have expanded in scope and multiplied in the last few years. New survey results from the Information Systems Audit and Control Association (ISACA) show IT and the rest of the business may be paying attention.
Regulatory compliance was predicted to be the top business issue affecting enterprise information technology in the next 12 months, according to ISACA’s Top Business/Technology Issues Survey Results 2011 report.
“The increase in regulations, data breaches and new technologies such as cloud computing and the rise of personal technology in the workplace are accelerating complexity and risk,” according to an ISACA statement. The problem is exacerbated as enterprises try to manage growth while dealing with the growing number of compliance regulations and standards.
The key business issues affecting IT, according to the survey’s findings, are:
- Regulatory compliance
- Enterprise-based IT management and governance
- Information security management
- Disaster recovery/business continuity
- Challenges of managing IT risks
- Vulnerability management
- Continuous process improvement and business agility
ISACA also noted that new or changed regulations expected to impact enterprise IT in the next 12 to 18 months include the Basel standard for internationally active banks; the Dodd-Frank Wall Street Reform and Consumer Protection Act; regulations related to personally identifiable information; Do Not Track mechanisms for consumers; Solvency II regulatory requirements for insurance firms; and meaningful use standards established by the Health Information Technology for Economic and Clinical Health Act. The report also pointed to “an overall tightening of tax and privacy regulations worldwide.”
The key technology areas that respondents felt would be most important to regulatory compliance include the implementation of technology to support segregation of duties, privileged access monitoring and management of the compliance process.
As enterprises face the need to comply with multiple regulations and standards, they implement automated solutions to track and report upon the varying compliance controls in an attempt to make the compliance process more efficient, according to ISACA. This can cause headaches: The costs associated with managing and implementing systems to protect companies from the loss of personally identifiable information were among the top concerns mentioned by survey respondents.
And the concerns don’t end there: Technology trends such as cloud computing, mobile devices and social media will also impact the issues discussed above. As ISACA noted, these technologies will increasingly become part of an enterprise’s architecture and surely impact areas such as business continuity, IT risk, regulatory compliance and information security.
The number of data breaches still in the news shows that, despite the increase in regulations, not enough is being done. The slew of new regulations is ultimately aimed at trying to help protect companies and their customers — and having a sound compliance management strategy in place would benefit both of these groups.