Managing Compliance and Regulation: A Primer

There is growing pressure on CIOs, in both private and public sector organisations, to pay greater attention to IT compliance. Increased focus on compliance standards such as Sarbanes-Oxley or ISO means that CIOs must conform and adhere to rigorous guidelines in order to maintain certifications.

When it comes to data centre compliance in particular, many organisations are struggling to keep up with the ever-changing regulatory landscape.

Companies are now beginning to recognise that the cost of a failure to comply is high: it can lead to negative publicity, financial penalties and legal disputes.

However, the cost of compliance is an unfunded mandate that can cause a headache for the IT department: it brings new, specific requirements without any increase in revenue to offset the cost. As a result, there is pressure to achieve compliance as cost-effectively as possible.

This pressure to keep the cost of compliance down, along with other factors, is leading CIOs to consider a managed service approach to help them meet regulatory requirements.

For example, regulations may stipulate a new requirement for specific capabilities or outcomes that the organisation’s existing IT team does not have the resources or expertise to fulfil. Commonly, executives need enhanced levels of reporting to ensure that business service levels have been met.

They may also require help with defining a narrow range of ways in which these outcomes can be accomplished, or with meeting requirements to report compliance proactively, pass audits successfully and retain evidence of this.

Companies considering the managed services route should choose a service provider that already has the processes, tools and skills required to comply and report. The correct level of market focus is key.

CIOs should look for suppliers that can show references from happy customers who are not being forced into a cookie-cutter model. Demanding proven consulting ability from the managed service provider is also fundamental to a successful relationship.

It is crucial to ensure that the provider is able not only to manage current state infrastructure, but also to help define future state strategy and own “transformation whilst performing”. Using the right managed service provider can help to drive down the cost of an organisation’s entire infrastructure management, which can help to limit the financial burden of compliance.