How do you architect for regulatory compliance?

The Essentials of Regulatory Compliance – a roadmap you can’t ignore!

Canadian IT Manager — Fri, 28 Apr 2006 16:01:54 GMT

It's looming and you can't ignore it. What am I blogging about? Regulatory Compliance. So take the time...

re: How do you architect for regulatory compliance?

Barnaby_Jeans — Fri, 17 Feb 2006 21:47:31 GMT

Adam asked the question about whether Microsoft has a suite of tools that we use internally.

I'm investigating this with some of our teams at HQ and will let you know what I find out.

Barnaby

re: How do you architect for regulatory compliance?

Adam Cole — Fri, 27 Jan 2006 06:44:46 GMT

Hello All, Hello Stephen,

In October past our local CIPS chapter (Toronto) held a CIO roundtable on IT Governance. I believe many readers may find the discussion that took place enlightening, hopefully even helpful. There were a few key take home messages for me. I feel the following points are just as relevant to compliance as they are to good governance:

• “Governance means fundamentally different things to different people.” This is equally true for compliance. I find I am frequently trying to balance architecting for the “stringent” auditor versus architecting to meet the “spirit” of the regulatory guidance.

• “IT and corporate governance should not be treated as separate entities.” Certainly the same can be said for compliance. There is simply too much waste if IT compliance is not framed and managed within the confines of corporate compliance.

• “The policing role of IT is a given. CIOs need to accept it, and move beyond it.” …And here I was thinking policing was the fun part of my job.

• “In actual fact, most such regulations aren’t even focused on IT, but on transparency and accountability in financial reporting. Still, CIOs are bearing the brunt of regulatory compliance requirements as companies look to IT to provide solutions.”

You can find the event proceedings (i.e. summarized minutes) here:
http://www.browngovernance.com/Publications/cioRoundtableProceedingsFINAL.pdf

I think many readers will also find helpful the many tangents that address what the group felt would be critical skills for future CIOs.

And finally, before I sign-off, let me take the opportunity in this public forum to congratulate you Stephen on your recent hat-trick of awards. Way to go!

Cheers,
Adam

re: How do you architect for regulatory compliance?

Stephen Ibaraki — Thu, 26 Jan 2006 06:31:34 GMT

Hi Adam,

It's good to see you here. Do you have added insights to share from your experiences?

Thank you,
Stephen Ibaraki

re: How do you architect for regulatory compliance?

Adam Cole — Sun, 22 Jan 2006 21:49:51 GMT

This paper has some excellent ideas for managing the multiple sets of regulations that apply to any large/public company. I will be forwarding it to our manager of corporate security and IT compliance.

I wonder, does Microsoft have any thoughts of making publicly available the suite of tools they use internally? Would others find value in this?