Compliance management in the context of information technology refers to the development and maintenance of a comprehensive program that will guarantee that the organization and its employees conduct their operations with a high level of integrity and ethics in accordance with the legal and regulatory requirements (Layton, 2016). This has become a necessity due to the growing government regulations that are driving the centralization of compliance oversight within organizations.
As the CISO of a large private financial company traded on the New York Stock Exchange and tasked by the CIO with developing an IT compliance management program for the organization, I will apply a structured approach. This allows IT controls to be identified and prioritized and a compliance recording system to be established. I will use the seven-step approach that outlines each step in developing and implementing the IT compliance program (Silveira et al., 2012). The regulatory requirements that affect the organization cover areas such as establishing the entire compliance process, documenting the control framework, putting appropriate compliance management oversight in place, performing background checks on employees, training staff and communicating the IT compliance program, enforcing the IT environment consistently, and putting in place measures to prevent and respond to incidents and gaps that may occur in the IT controls.
I would consider using a compliance tool, as it forms the benchmark for ensuring that the program stays in line with the latest requirements from the regulatory bodies (Spies & Tabet, 2012). I will use an integrated development environment tool that combines the various other tools used in the compliance program. The expenditure on this tool is justified because it combines many features of different IT tools into a single package, which makes the program manager's work much easier and ensures that the program remains in line with changing regulatory requirements.
References
Layton, T. P. (2016). Information security: Design, implementation, measurement, and compliance. CRC Press.
Silveira, P., Rodríguez, C., Birukou, A., Casati, F., Daniel, F., D'Andrea, V., & Taheri, Z. (2012). Aiding compliance governance in service-based business processes. In Handbook of research on service-oriented systems and non-functional properties: Future directions (pp. 524-548). IGI Global.
Spies, M., & Tabet, S. (2012). Emerging standards and protocols for governance, risk, and compliance management. In Handbook of research on e-business standards and protocols: Documents, data and advanced web technologies (pp. 768-790). IGI Global.