A few days ago, the IT Policy Compliance Group announced the availability of its latest benchmark research report, titled “Why Compliance Pays: Reputations and Revenues at Risk.” The report demonstrates that 9 in 10 organizations are exposed to financial risk from lost or stolen data because they do not leverage compliance and IT governance procedures. It further reports that organizations with the best IT compliance results have the least business downtime from IT security events. The benchmark research also reports that data loss or theft is likely to occur once every three years or sooner for compliance laggards, compared with once every 42 years or later for compliance leaders.
Data management plays a significant role in any organization, but if data is not properly maintained there is a severe chance that it will be lost or stolen, which can damage the organization’s reputation and expose it to financial risk. This can be reversed by implementing proper compliance management procedures and control tools. It is said that the financial value at risk from data loss or theft is considerably higher than the amount spent on compliance and data protection. With returns on investment in compliance for larger enterprises starting at 1,000 percent and improving to 100,000 percent, good compliance pays for itself.
The research shows that successful firms, those with the fewest data losses and thefts, are driving operational excellence in IT by improving compliance results, especially in IT general controls and IT security controls and procedures. More notably, the benchmarks show the least data loss among firms that are monitoring and measuring controls against objectives consistently, at least once every two weeks.
“An effective IT governance process with concise IT control objectives, along with the right mix of built-in IT controls, allow businesses to set policies and measure against those policies in a consistent manner,” said Everett C. Johnson, CPA, International President of ISACA and the IT Governance Institute. “By creating a measurable and repeatable IT compliance program, businesses are able to adequately produce data and ensure a high level of compliance.”
Based on what is working among organizations with the fewest data losses, the IT Policy Compliance Group report identifies several practices that can assist businesses with improving IT compliance results, reducing business downtime, and reducing data loss and theft. These steps include:
• Implementing more and appropriate IT controls
• Reducing control objectives, making them easier to communicate, measure and report against
• Establishing higher standards for performance objectives
• Encouraging a culture of operational excellence in IT
• Conducting monitoring, measurement and reporting of controls against objectives at least once every two weeks
• Allocating more spend to controls automation
In addition to spending larger percentages of the IT budget on IT security controls, the firms with the fewest undisclosed latent data losses and least number of compliance deficiencies are reallocating monies away from external contract spend towards additional funding of equipment and software, specifically targeted at automating the monitoring and measurement of controls and procedures.
ComplianceHome.com is the online regulatory compliance portal focused on delivering the latest news, events, white papers, webinars, audio conferences, seminars, articles, products and vendors, and jobs related to compliance with HIPAA, SOX, FISMA, GLBA, FFIEC, FDA, Basel II, OSHA and ISO 17799.