This whole concept of "compliance" is rather nebulous and fuzzy. I see different vendors referencing it in different ways. I hear different practitioners worrying about different things. I wanted to speak with some IT compliance professionals with significant experience to see how they are handling this "compliance" responsibility. I wanted to get the viewpoint of not only a practitioner responsible for an organization’s compliance efforts, but also a consultant who has worked with a wide range of organizations to see where the compliance efforts, successes and challenges are greatest. On April 17, I had the opportunity to speak with two such folks, Chris Pick, Vice President of Corporate Strategy at NetIQ, and Wayne Crane, CIO, also from NetIQ, about a wide range of compliance issues, and what—from their perspectives and based on their experiences—they believe businesses need to know about the whole concept of compliance. As a publicly traded company, NetIQ must meet the same strict regulatory requirements, such as SOX, as many other organizations, so it was interesting to hear their thoughts.
I posted my interview with Chris and Wayne in the Realtime IT Compliance reading room, "What Businesses Need to Know About Compliance." See their thoughts on:
- What "compliance" means to businesses
- International compliance approaches
- Industry-specific compliance challenges
- The most challenging compliance areas
- The use of frameworks, such as ITIL, for compliance
- The most challenging regulation for compliance
- What executives need to know about compliance
- Budgeting for compliance
- Using automation for compliance
- The single most important compliance activity
- The importance of executive support for compliance activities