Q

How do we make sense of vendors pitching compliance products?

Is there any way to make sense of vendors pitching compliance products? Should we be looking to software vendors to provide tools to help us maintain regulatory compliance?

The potential downside of compliance errors has struck fear into CFOs, CEOs, and now CIOs, so it is no surprise that virtually every software vendor has added a compliance spin to their message. As we approach the 30th anniversary of the Pet Rock phenomenon, caution is in order for those tempted to buy based on packaging rather than functionality. Four simple principles should guide your decisions:

  1. Improved processes for governance, security and privacy can meet many compliance requirements. Nothing beats software for process monitoring, management and reporting, so a complete solution will be software-aided if not software-centric.
  2. No application is a substitute for vigilance. Software should be part of the solution, but human processes are critical. Beware of IT solutions that promise too much.
  3. Everything that can be audited should be audited. Well, that might not be true, but it is likely to be the position of your auditors, who tend to be a conservative bunch. Our position is that all data used to manage your business should be created and managed by processes - including the software and people involved - that may be audited if desired. Tools are available to audit databases, and enterprise applications now offer auditing features, so this should be a requirement for all new systems.
  4. The basic rules for vendor due diligence have not changed with the advent of compliance requirements. Exercise caution when dealing with new vendors, but don't rule them out based solely on size or longevity. Partial solutions for compliance problems are coming from established players and upstarts, and neither has a monopoly on innovation. Stick to the fundamentals when evaluating technical merit and business viability. The new requirement is to involve the appropriate domain experts from finance and legal when the regulations make their inclusion in the review process appropriate.

This was first published in April 2005.
