次の方法で共有


Regulatory Compliance Question

During my career, I have been on three sides of the SOX issue:

  1. At Ernst & Young I was worried about how to audit for SOX compliance
  2. At my previous employer I was an application owner that had to fill out the SOX compliance questionnaires and ensure my application had appropriate controls in order comply with the regulations (and pass the audit!)
  3. Now I work for a technology company that is in a position to offer solutions that can help make it easier for companies to comply with SOX and other regulations

This leads me to a question: For those of you out there that are dealing with SOX, GLBA, etc., what would make your task easier?  My group is looking at what Microsoft could do to make the task of compliance less burdensome, and would really like your input.  By the way, answering "Provide an extra headcount to fill out questionnaires" is not something Microsoft can do! ;-)

You can respond by either sending me a note using the "Contact" link or post a comment to this post.  Thanks for your input!

Comments

  • Anonymous
    January 01, 2003
    PingBack from http://winblogs.security-feed.com/2005/02/22/regulatory-compliance-question/

  • Anonymous
    January 05, 2005
    The comment has been removed

  • Anonymous
    February 22, 2005
    the healthcare company I'm working for are doing as little as possible to implement Hipaa, they probably spend more on the legal dept to make sure that they can't be touched for that, rather than spend the money to implement the system right in the first place.

  • Anonymous
    February 23, 2005
    When i worked at a FTSE 500 mortgage company a few years back, we were pushing the implementation of BS7799.

    Any IT projects that even remotely touched on compliance related bits were pushed through under the 7799 banner without argument - including ones that had previously been rejected by management as unnecessary.

  • Anonymous
    March 14, 2005
    Overall positive.

    There has been a significant increase in demand for IT auditors as a result of the compliance issue, both from the Big 6 -> 5 -> 4 and from their clients.

    Cynics have been saying for years that nothing much would change on infosec unless organizations were forced by law to do something. Seems they were correct.