Ask the Expert

How do we make sense of vendors pitching compliance products?

Is there any way to make sense of vendors pitching compliance products? Should we be looking to software vendors to provide tools to help us maintain regulatory compliance?


The potential downside of compliance errors has struck fear into CFOs, CEOs, and now CIOs, so it is no surprise that virtually every software vendor has added a compliance spin to their message. As we approach the 30th anniversary of the Pet Rock phenomenon, caution is in order for those tempted to buy based on packaging rather than functionality. Four simple principles should guide your decisions:

  1. Improved processes for governance, security and privacy can meet many compliance requirements. Nothing beats software for process monitoring, management and reporting, so a complete solution will be software-aided if not software-centric.
  2. No application is a substitute for vigilance. Software should be part of the solution, but human processes are critical. Beware of IT solutions that promise too much.
  3. Everything that can be audited should be audited. Well, that might not be true, but it is likely to be the position of your auditors, who tend to be a conservative bunch. Our position is that all data used to manage your business should be created and managed by processes - including the software and people involved - that may be audited if desired. Tools are available to audit databases, and enterprise applications now offer auditing features, so this should be a requirement for all new systems.
  4. The basic rules for vendor due diligence have not changed with the advent of compliance requirements. Exercise caution when dealing with new vendors, but don't rule them out based solely on size or longevity. Partial solutions for compliance problems are coming from established players and upstarts, and neither has a monopoly on innovation. Stick to the fundamentals when evaluating technical merit and business viability. The new requirement is to involve the appropriate domain experts from finance and legal when the regulations make their inclusion in the review process appropriate.

This was first published in April 2005
