Supporting Compliance With ITIL

Organizations have faced legal and regulatory requirements for literally decades. However, IT compliance is relatively young.
U.S. healthcare organizations reacted with alarm over the passage of the Health Insurance Portability and Accountability Act (HIPAA) of 1996. U.S. financial organizations soon followed suit with their reaction to the passage of the Gramm-Leach-Bliley Act (GLBA), also known as the Financial Modernization Act, of 1999. But probably the biggest whammy, felt by the largest number of organizations, was the passage of the Sarbanes-Oxley (SOX) Act of 2002.


Many data protection laws have been enacted throughout the world since around 1995. Organizations now must follow specific requirements to protect information and the IT infrastructures that process and house the data.
In addition to these laws, there is now a new trend to require organizations that perform certain activities, such as processing credit cards, to have very specific data protection practices implemented. The perfect example of this is the Payment Card Industry (PCI) Data Security Standard (DSS). Although this standard is not a law, it is a contractual requirement for processing credit cards from Visa, MasterCard, American Express, and others.
Protecting information is no longer just a good idea; it is a legal requirement that is best accomplished by using proven, internationally accepted, data management frameworks. Frameworks support compliance.
The Information Technology Infrastructure Library (ITIL), the earliest version of which was released in 1985, offers best-practice approaches to facilitate the delivery of high-quality information technology (IT) services. ITIL is a framework that supports compliance with a wide range of laws and regulations.
Chapter 4 of my free ebook, “The Shortcut Guide to Improving IT Service Support through ITIL,” was just made available. Within this chapter, “Supporting Compliance Through ITIL,” I detail how ITIL can be used to make IT compliance activities more efficient and effective.
This is my favorite chapter of the book. I believe organizations will be able to use it to help their management understand the value of ITIL, and how ITIL can be good for business while supporting compliance.
You can download it from here.
I welcome your feedback; I’d really like to know what you think!
