Although IT managers are already stretched to their limits, they are faced with the growing responsibility for regulatory compliance. Government regulations evolving over the last few years are firmly in place today, and it is falling to the IT managers to make sure safeguards are in place so that corporate data is protected and can be retrieved quickly in cases of litigation.
Two regulations in particular, Sarbanes-Oxley and the FRCPs standard are the focus of attention in IT shops.
Sarbanes-Oxley, also known as SOX, was enacted in 2002 in response to accounting irregularities at energy firm Enron Corp. The law sought to keep track of company finances more closely so that company officials could produce complete financial data more quickly for regulators. Sarbanes-Oxley alone is responsible for 5,000 to 20,000 man hours in 48% of IT shops per year, according to a recent survey by Gartner Inc.
Federal Rules of Civil Procedure(FRCP) were written in 1938 and then re written in 2007. FRCP are rules governing civil procedure in United States district (federal) courts, that is, court procedures for civil suits.. For IT the rules require all companies to know exactly where their electronic documents are stored and to be prepared to make corporate e-mail available to the court in case of a lawsuit. Ina study completed in November 2007 Ninety-four percent of those responsible for e-mail policy do not feel their organization is completely prepared to meet FRCP requirements. Remarkably, the study found that only 38 percent of the respondents said they were even familiar with the changes.
All these rules and regulations mean that more and more data needs to be scrutinized. In fact, roughly 20% of the of data created in 2008 are subject to compliance guidelines, To ensure that organizations are following federal compliance regulations and other safeguards, government agencies regularly send auditors to companies to conduct checks. These auditors, who are becoming increasingly tech-savvy, are asking IT managers some tough questions -- and IT managers must be able to answer them and document the results.
In anticipation of compliance audits, some IT managers are being asked by their employers to sign and certify that their systems are protected against internal and external threats. These signed documents are becoming part of the audit trail when companies are pulled into compliance litigation.
Comport Consulting is uniquely positioned to help you; your IT teams and Legal Counsel implement your required compliance solutions. Through partnership with our vendors such as HP, Symantec, Clearwell and DigitalReef we can either create a standalone infrastructure or optimize your existing infrastructure to prepare your IT environment for compliance.
Symantec Enterprise Vault, the industry leader in email and content archiving, enables users to store, manage, and discover unstructured information across the organization. Using a market proven architecture, Enterprise Vault provides an open, intelligent and manageable approach to improve management, reduce costs and control information risk. With unstructured information consuming a large percentage of storage, Enterprise Vault archives information from messaging, file servers and collaborative systems using powerful storage optimization, classification and retention technologies.
Enterprise Vault will automatically capture, categorize, index and enforce retention policies and secure unstructured information while reducing storage costs and simplifying management.
Symantec Control Compliance Suite (CCS) 9.0 is a group of integrated products that helps you dramatically reduce the cost of managing compliance through process automation. CCS provides the most comprehensive view of risk and compliance posture with a combination of point-in-time controls assessment and real-time monitoring of risks and threats and offers an end-to-end coverage of the IT compliance lifecycle.