Executive Guides

IT governance and legal compliance strategies for CIOs

Between IT-related laws and governance regulations, IT executives today deal with more legal issues than ever before. These issues include compliance regulations, privacy rules and data protection. This Executive Guide provides resources to help CIOs learn more about the technology solutions needed to combat the growing number of legal issues affecting organizations today.

This Executive Guide is part of the SearchCIO Executive Guide series, which is designed to give IT leaders strategic guidance and advice that addresses the management and decision-making aspects of timely topics. For a complete list of topics covered to date, visit the Executive Guide section.

  Staffing for ongoing legal and ethical issues

The ethical issues that companies need to manage have become increasingly complex during the past few years, and an ethics officer can make sure that a company really follows the policies, guidelines and ethical standards that it promotes. Nothing is worse than a company that does not practice what it preaches to its employees and customers. Ethics officers can also help employees at all levels of the organization make correct decisions in difficult situations, which can be helpful to those who may not have had ethics education in school or at previous employers. This is especially true for IT security personnel because of their access to sensitive information as well as their responsibility to protect it.

Here are some specific reasons why enterprises should consider having an ethics officer:

  • To provide assistance with meeting regulatory compliance: An ethics officer can work with the company's top brass to make sure that they are compliant with legislation such as the Sarbanes-Oxley Act (SOX). A survey of business executives by New York-based PricewaterhouseCoopers LLP indicates that SOX accounts for 54% of total compliance spending, which added up to more than $6 billion in 2005. An ethics officer can develop and implement ethics training programs for the company as well as monitor their effectiveness so top management can measure the results.
  • To improve the company's reputation and public perception: In the last few years, some companies' reputations have been tarnished by scandals and other misdeeds. To help bring them out of the muck, some companies such as MCI have hired an ethics officer to rebuild their reputation with employees, regulators and the general public. Fortunately for MCI, after much hard work it was able to turn the corner and has been re-listed on Nasdaq. However, proactively hiring an ethics officer before there is trouble will help keep problems from occurring in the first place.
  • To provide a mechanism for reporting issues: The United States Sentencing Commission and the Federal Sentencing Guidelines recommend companies have nonretaliatory systems in place for reporting misconduct. Creating and implementing an infrastructure for reporting and managing ethical issues and inquiries is something for which an ethics officer is responsible. These systems could include email addresses, anonymous phone and fax numbers, and Web contact pages.

Joe Malec is a security analyst at St. Louis-based Enterprise Rent-A-Car Co., specializing in compliance and application security. He is also the president of the St. Louis chapter of the Information Systems Security Association and serves on the ISSA International Ethics Committee.

  Glossary
  General legal, regulatory and compliance issues
  Sarbanes-Oxley Act
  HIPAA
  Security and privacy issues

This was first published in November 2006
