IT Compliance Made Easy
making compliance work for you
with application lifecycle management
r
e
p
a
p
e
t
i
h
wMaking Compliance Work for You with Application Lifecycle ManagementA White Paper by Aldon
Version 1.0: March 2008 Version 2.0: Revised July 2008
Aldon Application Lifecycle Management's formal, automated services and application development processes improve quality and delivery, reduce costs, and ensure compliance. By installing a regimen of internal controls over IT, today's savvy businesses are using compliance as an opportunity to significantly improve productivity and quality and go after that holy grail of true business-IT integration. This white paper examines how corporations can align business initiatives and increase ROI through IT compliance.
® 2008 Aldon. All rights reserved. Aldon and the Aldon logo are registered trademarks of Aldon. All other trademarks are of their respective holders. 280701WPMCWALMV21
Making Compliance Work for You
In addition to the traditional challenge of remaining competitive, today's organizations must also contend with growing regulatory requirements just to remain in business. Fortunately, while achieving regulatory compliance is challenging, doing so can offer significant-and unexpected -rewards for the enterprise. Mastering compliance gives companies a springboard to a myriad of process improvements that can directly and positively impact a company's bottom line.
In this white paper, we examine regulatory compliance requirements, their effects on IT and the business, and how Application Lifecycle Management (ALM) can not only simplify the task, but can also turn those compliance efforts into a powerful business advantage.
The demand for IT governance is a direct result of numerous legislative initiatives that were signed into law in reaction to financial and other business crises. The resulting mandates typically require companies to examine and prove their ability to accurately audit practices in numerous operational areas of their business. In this environment, IT's classic mode of frenetic chaos was untenable. Since
Making Compliance Work for You with Application Lifecycle Management2
most changes must be reflected in IT systems, IT became an obvious point to monitor. It quickly became evident that IT needed more structured management and control.
Companies can be forgiven for believing compliance is a millstone around their necks. From Sarbanes-Oxley (SOX) for publicly traded companies, Basel II in the banking industry, FSA regulations and PCI Compliance in financial services and retail, and 21 CFR Part 11 and HIPAA in pharmaceutical and healthcare, sorting out reporting requirements can be overwhelming and confusing.
To further complicate matters, many organizations are tasked with ensuring their efforts meet not only one, but multiple mandates. For example, a United States-based financial services firm might need to comply with requirements from Gramm-Leach-Bliley (GLBA), Sarbanes-Oxley (SOX), and various U.S. Securities and Exchange Commission (SEC) regulations.
But what is really being asked? Thankfully, the regulatory bodies share many requirements. For example, one overarching recommendation common to all of the mandates is that organizations implement documented and repeatable business processes and that those processes introduce appropriate controls to prevent error or fraud. This holds true for software development for business critical applications.
According to regulations, IT must not only ensure that changes in software development are made in a controlled and auditable fashion, but it must also flag for management any changes that will have a "significant impact" on the business.
To meet this requirement, IT must: vUnderstand the internal control program and the reporting process;vIdentify risks related to IT;vDesign and implement controls to mitigate risk and continuously monitor them for effectiveness;vDocument and test IT controls; andvEnsure that IT controls are updated as necessary to... [download for more]
