
IT governance and legal compliance strategies for CIOs

16 Nov 2006 | SearchCIO.com


Between IT-related laws and governance regulations, IT executives today deal with more legal issues than ever before. These issues include compliance regulations, privacy rules and data protection. This Executive Guide provides resources to help CIOs learn more about the technology solutions needed to combat the growing number of legal issues affecting organizations today.

This Executive Guide is part of the SearchCIO Executive Guide series, which is designed to give IT leaders strategic guidance and advice that addresses the management and decision-making aspects of timely topics. For a complete list of topics covered to date, visit the Executive Guide section. To be alerted when new Executive Guides are available, subscribe to the free monthly e-newsletter Executive Guide.


Table of contents

   Expert's Corner
   Glossary
   General legal, regulatory and compliance issues
   Sarbanes-Oxley Act
   HIPAA
   Email archiving for compliance
   Security and privacy issues
   More resources

  Expert's Corner

Staffing for ongoing legal and ethical issues

The ethical issues that companies need to manage have become increasingly complex during the past few years, and an ethics officer can make sure that a company really follows the policies, guidelines and ethical standards that it promotes. Nothing is worse than a company that does not follow what it preaches to its employees and customers. Ethics officers can also help employees at all levels of the organization make correct decisions in difficult situations, which can be helpful to some who may not have had ethics education in school or at previous employers. This is especially true for IT security personnel because of their access to sensitive information as well as the responsibility to protect it.

Here are some specific reasons why enterprises should consider having an ethics officer:

  • To provide assistance with meeting regulatory compliance: An ethics officer can work with the company's top brass to make sure that they are compliant with legislation such as the Sarbanes-Oxley Act (SOX). A survey of business executives by New York-based PricewaterhouseCoopers LLP indicates that SOX accounts for 54% of total compliance spending, which added up to more than $6 billion in 2005. An ethics officer can develop and implement ethics training programs for the company as well as monitor their effectiveness so top management can measure the results.

  • To improve the company's reputation and public perception: In the last few years, some companies' reputations have been tarnished by scandals and other misdeeds. To help bring them out of the muck, some companies such as MCI have hired an ethics officer to rebuild their reputation with employees, regulators and the general public. Fortunately for MCI, after much hard work it was able to turn the corner and has been re-listed on Nasdaq. However, proactively hiring an ethics officer before there is trouble will help prevent problems from occurring in the first place.

  • To provide a mechanism for reporting issues: The United States Sentencing Commission and the Federal Sentencing Guidelines recommend companies have nonretaliatory systems in place for reporting misconduct. Creating and implementing an infrastructure for reporting and managing ethical issues and inquiries is something for which an ethics officer is responsible. These systems could include email addresses, anonymous phone and fax numbers, and Web contact pages.

    Joe Malec is a security analyst at St. Louis-based Enterprise Rent-A-Car Co., specializing in compliance and application security. He is also the president of the St. Louis chapter of the Information Systems Security Association and serves on the ISSA International Ethics Committee.

      Glossary

      General legal, regulatory and compliance issues

      Sarbanes-Oxley Act

      HIPAA

      Email archiving for compliance

      Security and privacy issues

      More resources


