
BillCan's Place

Life at Microsoft
Regulatory Compliance Question

For those IT security pros out there, a question: has the increased focus on regulatory compliance (SOX, HIPAA, etc.) been an overall positive or negative for you?

I am wondering if your companies/clients are using compliance as a reason to fund projects that they should have been doing all along (e.g., automated user lifecycle management, strong(er) authentication, more effective change management, etc.), or are they focusing on just doing enough to get by (e.g., wrangling tons of reports for the auditors so they can get a signoff, documenting lots of manual processes, etc.)?

I really appreciate your feedback on this topic...

Posted: Tuesday, February 22, 2005 12:17 PM by BillCan

Comments

Mr P said:

The healthcare company I'm working for is doing as little as possible to implement HIPAA; they probably spend more on the legal dept to make sure that they can't be touched for that, rather than spend the money to implement the system right in the first place.

February 22, 2005 2:06 PM

Adam Field (Content Master Ltd) said:

When I worked at a FTSE 500 mortgage company a few years back, we were pushing the implementation of BS7799.

Any IT projects that even remotely touched on compliance related bits were pushed through under the 7799 banner without argument - including ones that had previously been rejected by management as unnecessary.
February 23, 2005 8:21 AM

Gary Hinson (NoticeBored) said:

Overall positive.

There has been a significant increase in demand for IT auditors as a result of the compliance issue, both from the Big 6 -> 5 -> 4 and from their clients.

Cynics have been saying for years that nothing much would change on infosec unless organizations were forced by law to do something. Seems they were correct.
March 14, 2005 3:40 AM