The potential downside of compliance errors has struck fear with CFOs, CEOs, and now CIOs, so it is no surprise...
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
that virtually every software vendor has added a compliance spin to their message. As we approach the 30th anniversary of the Pet Rock phenomenon, caution is in order for those tempted to buy based on packaging rather than functionality. Four simple principles should guide your decisions:
- Improved processes for governance, security and privacy can meet many compliance requirements. Nothing beats software for process monitoring, management and reporting, so a complete solution will be software-aided if not software-centric.
- No application is a substitute for vigilance. Software should be part of the solution, but human processes are critical. Beware of IT solutions that promise too much.
- Everything that can be audited should be audited. Well, that might not be true, but it is likely to be the position of your auditors, who tend to be a conservative bunch. Our position is that all data used to manage your business should be created and managed by processes - including the software and people involved - that may be audited if desired. Tools are available to audit databases, and enterprise applications now offer auditing features, so this should be a requirement for all new systems.
- The basic rules for vendor due diligence have not changed with the advent of compliance requirements. Exercise caution when dealing with new vendors, but don't rule them out based solely on size or longevity. Partial solutions for compliance problems are coming from established players and upstarts, and neither has a monopoly on innovation. Stick to the fundamentals when evaluating technical merit and business viability. The new requirement is to involve the appropriate domain experts from finance and legal when the regulations make their inclusion in the review process appropriate.
Related Q&A from Adrian Bowles
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.