 |
||||
|
|
|||
|
||||
Requires Membership to View
To gain access to this and all member only content, please provide the following information:
By submitting your registration information to SearchSecurityChannel.com you agree to receive email communications from the TechTarget network of sites, and/or third party content providers that have relationships with TechTarget, based on your topic interests and activity, including updates on new content, event notifications, new site launches and market research surveys. Please verify all information and selections above. You may unsubscribe at any time from one or more of the services you have selected by editing your profile, unsubscribing via email or by contacting us here
- Your use of SearchSecurityChannel.com is governed by our Terms of Use
- We designed our Privacy Policy to provide you with important disclosures about how we collect and use your registration and other information. We encourage you to read the Privacy Policy, and to use it to help make informed decisions.
- If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States.
As a systems integrator (SI) or value-added reseller (VAR), you have undoubtedly witnessed the first-hand impact of the Sarbanes-Oxley Act, HIPAA, FDA 21 CFR Part 11, SAS 70, GLBA and other legislative requirements on your customers' IT departments. Whether you secure enterprise assets or integrate corporate databases, chances are that compliance impacts your customer pool and service delivery – and it's only going to get worse. Regulatory impact is on the rise, especially at organizations with global presence. In the current environment of outsourcing, deregulation, global business models and mega mergers, the newest wave of global compliance could be your next frontier of competitive advantage – should you choose to accept the challenge, of course!
International compliance standards like Basel II that are designed for effective management of credit and operational risk, are becoming a necessity for U.S. banks with European connections. For that matter, U.S. companies seeking partnerships with overseas investors and foreign markets need to integrate an entirely new global financial reporting language – known as International Financial Reporting Standards (IFRS) – as their global accounting framework. The Norwalk Accord of 2002 offers to converge IFRS with U.S. Generally Accepted Accounting Principles (GAAP), so SIs and VARs have an opportunity to provide products, solutions and services centered on implementing the converging standards.
The relentless deluge of compliance-related pressure from overseas regulators is impacting U.S. companies' tactical and strategic initiatives as new and emerging standards affect industries with a global reach. For example, Solvency II to be introduced this year by the European Union Commission, will impact insurance companies in the U.S. due to the global nature of the industry. There are both short term opportunities requiring technical tweaks and enhancements, and long term strategic initiatives related to unifying compliance and creating transition plans.
Here are a few ways you can capitalize on the trend toward international and U.S. regulatory compliance convergence:
- Gain international regulatory compliance knowledge
Visit the International Compliance Association and The Governance, Risk Management and Compliance Global Rules Information Database to develop your understanding of regional or country-specific regulations such as the following: - EU Directive on Data Protection
- UN Guidelines for Regulation of Computerized Personal Data Files
- Canada's Personal Information Protection and Electronic Documents Act
- UK's Turnbull Guidance on Internal Controls
- France's Data Protection Act
- Australia's Spam Act of 2003
- India Information Privacy Act
- Japan Guidelines
for Personal Data Protection in Electronic Commerce
- Add international to your compliance practice
Enhance your practice by including international compliance as part of your core expertise. Market that as your competitive advantage. - Gather country or regional compliance knowledge
Although many countries have similar regulations such as the one for protecting the privacy of consumers, the details, protocols and nuances of reporting vary from country to country. - Know the industry
Compliance varies by industry. One could say generally that what Basel II is for the banking industry, Solvency II is for the insurance industry. Focus on an industry, and understand its specific requirements. - Hire compliance and IT experts
Augment your practice with key experts and practitioners (with certifications like CISA, CISM, CISSP who understand global compliance and technology.In the next article in this series on international regulatory compliance, we will introduce you to a few key international regulations and explain how you can unify your customers' compliance initiatives by using an integrated approach.
About the author
Tony Giroti, CISA®, is the chairman of BrookEdge Technologies. BrookEdge provides IT governance, IT assessment and compliance solutions and services to U.S. and global companies requiring regulatory compliance expertise and deep technical knowledge. Tony has 20 years of experience in IT and has consulted with many Fortune and Global 100 companies. He has also founded three software and hardware companies in the areas of data warehousing, enterprise architecture, wireless and compliance. He is a frequent presenter at many IT, compliance and security related conferences and has published numerous white papers, articles and patents in this space.
This was first published in June 2007