 |
|
|
| Project Guides:
Regulatory Compliance Services:
|
|
|
|
|
|
|
Understanding Technology Regulations
|
|
|
SECURITY MANAGEMENT
Global compliance services a competitive advantage for resellers
Tony Giroti
06.21.2007
Rating: --- (out of 5)
|
As a systems integrator (SI) or value-added reseller (VAR), you have undoubtedly witnessed the first-hand impact of the Sarbanes-Oxley Act, HIPAA, FDA 21 CFR Part 11, SAS 70, GLBA and other legislative requirements on your customers' IT departments. Whether you secure enterprise assets or integrate corporate databases, chances are that compliance impacts your customer pool and service delivery – and it's only going to get worse. Regulatory impact is on the rise, especially at organizations with global presence. In the current environment of outsourcing, deregulation, global business models and mega mergers, the newest wave of global compliance could be your next frontier of competitive advantage – should you choose to accept the challenge, of course!
International compliance standards like Basel II that are designed for effective management of credit and operational risk, are becoming a necessity for U.S. banks with European connections. For that matter, U.S. companies seeking partnerships with overseas investors and foreign markets need to integrate an entirely new global financial reporting language – known as International Financial Reporting Standards (IFRS) – as their global accounting framework. The Norwalk Accord of 2002 offers to converge IFRS with U.S. Generally Accepted Accounting Principles (GAAP), so SIs and VARs have an opportunity to provide products, solutions and services centered on implementing the converging standards.
The relentless deluge of compliance-related pressure from overseas regulators is impacting U.S. companies' tactical and strategic initiatives as new and emerging standards affect industries with a global reach. For example, Solvency II to be introduced this year by the European Union Commission, will impact insurance companies in the U.S. due to the global nature of the industry. There are both short term opportunities requiring technical tweaks and enhancements, and long term strategic initiatives related to unifying compliance and creating transition plans.
Here are a few ways you can capitalize on the trend toward international and U.S. regulatory compliance convergence:
Gain international regulatory compliance knowledge
Visit the International Compliance Association and The Governance, Risk Management and Compliance Global Rules Information Database to develop your understanding of regional or country-specific regulations such as the following:
EU Directive on Data Protection
UN Guidelines for Regulation of Computerized Personal Data Files
Canada's Personal Information Protection and Electronic Documents Act
UK's Turnbull Guidance on Internal Controls
France's Data Protection Act
Australia's Spam Act of 2003
India Information Privacy Act
Japan Guidelines for Personal Data Protection in Electronic Commerce
Add international to your compliance practice
Enhance your practice by including international compliance as part of your core expertise. Market that as your competitive advantage.
Gather country or regional compliance knowledge
Although many countries have similar regulations such as the one for protecting the privacy of consumers, the details, protocols and nuances of reporting vary from country to country.
Know the industry
Compliance varies by industry. One could say generally that what Basel II is for the banking industry, Solvency II is for the insurance industry. Focus on an industry, and understand its specific requirements.
Hire compliance and IT experts
Augment your practice with key experts and practitioners (with certifications like CISA, CISM, CISSP who understand global compliance and technology.
In the next article in this series on international regulatory compliance, we will introduce you to a few key international regulations and explain how you can unify your customers' compliance initiatives by using an integrated approach.
About the author
Tony Giroti, CISA®, is the chairman of BrookEdge Technologies. BrookEdge provides IT governance, IT assessment and compliance solutions and services to U.S. and global companies requiring regulatory compliance expertise and deep technical knowledge. Tony has 20 years of experience in IT and has consulted with many Fortune and Global 100 companies. He has also founded three software and hardware companies in the areas of data warehousing, enterprise architecture, wireless and compliance. He is a frequent presenter at many IT, compliance and security related conferences and has published numerous white papers, articles and patents in this space.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurityChannel.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
|
|
|
| TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of . |
|
| |
All Rights Reserved, , TechTarget |
|
|
|
|
|
