Integrated Compliance Framework for Data Processing Applications

Abstract

The consumerization and decentralization of information in the last fifteen to twenty years have introduced new challenges that data processing companies must cope with in an effort to survive. To remain compliant in this ever changing business environment, companies‘ internal information technology controls around policies, processes, and systems must be mapped across regulations, standards, industry mandates, and best practices. Publicly traded businesses have struggled for years to keep-up with the virtual alphabet soup of compliance requirements resulting from new regulations and/or industry mandates. They have, in many cases, built costly and ineffective models to remain in compliance each time a new regulation, a new industry mandate, or a new vulnerability surfaces. The "Integrated Compliance Framework for Data Processing Applications" makes this whole complex compliance process much easier by focusing on the commonalities in the regulations, standards, and guidelines. It harmonizes controls across the information technology industry to significantly reduce the cost associated with meeting compliance and security requirements effectively and efficiently. It aligns key technical controls with specific requirements that most companies must comply with. Companies facing multiple regulations such as the Sarbanes Oxley Act of 2002, privacy requirements based on the Health Insurance Portability and Accountability Act, Payment Card Industry Data Security Standards mandates, Customer Proprietary Network Information regulation, Personal Identifiable Information regulation, etc. can immediately streamline their compliance measurement processes on a single platform. This framework facilitates the institutionalization of compliance in the core components of the business model. It allows organizations to focus on a strategic plan to comply with multiple regulatory bodies using the same team, tools, and funding. To this end, the framework assists with: mapping the overlap between multiple regulations and mandates, creating a critical control list for each impact zone, and clarifying any conflicts created by overlapping regulation and mandates. A robust, systemic, integrated, and well architected compliance framework can help companies comply with complex regulation, as well as spur productivity, enhance customer service, and boost return on technology investment.